Iranian hackers have launched a new wave of cyberattacks using malware called MiniFast and MiniJunk V2, targeting organizations in the aviation and software sectors across the U.S., Europe, and the Middle East.
The Targets
Nimbus Manticore, a state-sponsored threat actor, is behind this campaign, which impersonates legitimate organizations to trick victims into installing the malware. The attackers use phishing emails and SEO poisoning to deliver it.
Phishing emails often appear to come from a trusted source, like a colleague or a well-established company, and contain links or attachments that, when clicked or opened, download the malware onto the victim’s device. SEO poisoning, on the other hand, involves manipulating search engine results to make malicious websites appear legitimate and increase the chances of users stumbling upon them.
The Malware
MiniFast and MiniJunk V2 are designed to evade detection and carry out various malicious activities on an infected system. MiniFast is a trojan that steals sensitive information, including login credentials and financial data, while MiniJunk V2 is a backdoor that allows attackers to remotely access and control the compromised system.
These malware variants are part of a wider range of tools in Nimbus Manticore’s arsenal, and their deployment shows the group’s adaptability and persistence in its cyberattacks.
What This Means
This campaign serves as a reminder that cyberattacks are a growing concern, especially for organizations in the aviation and software sectors. Companies in these industries should bolster their cybersecurity measures, including employee training on phishing and SEO poisoning tactics, and ensure that their systems are up to date with the latest security patches.
Individuals can also protect themselves by being cautious when clicking on links or opening attachments from unknown sources and using reputable antivirus software to scan their devices for malicious activity.



