Illustration of Iranian APT group Nimbus Manticore launching fake job recruitment phishing attacks on European critical infrastructure, featuring malware icons, fake websites, and targeted sectors like aerospace and telecom.

Iranian APT Nimbus Manticore (UNC1549/Smoke Sandstorm) targets job seekers in Europe's critical infrastructure via fake recruitment sites impersonating Boeing, Airbus, and others, using React templates for realistic career pages. Spear-phishing provides unique credentials for controlled access to malware-laden archives, blocking outsiders, with "career"-themed domains hidden behind Cloudflare.

Illustration of Iranian APT group Nimbus Manticore launching fake job recruitment phishing attacks on European critical infrastructure, featuring malware icons, fake websites, and targeted sectors like aerospace and telecom.Illustration of Iranian APT group Nimbus Manticore launching fake job recruitment phishing attacks on European critical infrastructure, featuring malware icons, fake websites, and targeted sectors like aerospace and telecom.

Malware has advanced from Minibike to MiniJunk (novel DLL loading for evasion and persistence) and MiniBrowse (stealthy data exfiltration). Parallel campaigns use simpler tools but identical social engineering, showing flexibility.

Illustration of Iranian APT group Nimbus Manticore launching fake job recruitment phishing attacks on European critical infrastructure, featuring malware icons, fake websites, and targeted sectors like aerospace and telecom.Illustration of Iranian APT group Nimbus Manticore launching fake job recruitment phishing attacks on European critical infrastructure, featuring malware icons, fake websites, and targeted sectors like aerospace and telecom.

Expansion hits Western Europe (Denmark, Sweden, Portugal) in defense/telecom/aerospace, aligning with IRGC goals; Check Point blocked Israeli attempts.
Mitigations: Block phishing/attachments with email security; protect endpoints from malware; monitor networks for C2; train on job scams; heighten sector vigilance.
 
NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, Z Plus Security