What Happened
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing
Why It Matters
The article reports that the Iranian state-sponsored group Nimbus Manticore is using AI-assisted development to build the MiniFast backdoor, and is running phishing and SEO-poisoning campaigns against aviation, software, and energy-sector targets across several regions.[1][4] It describes multi-stage infection chains that begin with fake job offers, trojanized Zoom installers, and weaponized SQL Developer downloads and end with MiniFast or MiniJunk V2 deployed for long-term espionage and remote access.[1][3] From a CyberSE.AI perspective this is a case of malicious AI use: the adversary is applying AI to malware development and pairing it with conventional social engineering and search-result manipulation, which shortens the attacker's development cycle and raises the bar for detection and response. The initial access vectors described are still a user fetching and running an installer from a lookalike page, so defenders should verify that mail filtering, web filtering, and endpoint monitoring catch installer downloads from non-vendor domains and binaries whose code signature does not belong to the vendor. Organizations operating AI-enabled systems and agents should additionally run continuous, threat-informed AI red teaming so that their filters and monitoring pipelines hold up against AI-augmented phishing, SEO poisoning, and backdoor campaigns of this kind.
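As an added example (not code from the article, the CyberSE.AI page, or the threat actor), the following Python script runs a simple detection pass over constructed web-proxy log lines, flagging installer downloads for the products the campaign is reported to impersonate (Zoom, Oracle SQL Developer) whenever they are served from a domain that is not the vendor's own, which is the shape an SEO-poisoned lookalike download page takes. The log format, the vendor domain allowlist, and every hostname, path and file name below are assumptions constructed for illustration; the script covers the general case of any installer family you add to the two tables, not only the two named in the article.

```python
"""
Added example, not from the original article or page: flag installer downloads
for impersonated products when they come from a non-vendor domain. All log
lines, domains, paths and file names are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Domains accepted as legitimate sources for each installer family.
# Assumption for the example: tune this allowlist to your own environment.
VENDOR_ALLOWLIST = {
    "zoom": {"zoom.us"},
    "sqldeveloper": {"oracle.com"},
}

# File-name patterns that identify each installer family (case-insensitive).
INSTALLER_PATTERNS = {
    "zoom": re.compile(r"zoom.*\.(exe|msi|pkg|dmg)$", re.I),
    "sqldeveloper": re.compile(r"sqldeveloper.*\.(exe|msi|zip|dmg)$", re.I),
}

# Constructed proxy line format: "<ts> <client_ip> <method> <url> <status>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def domain_matches(host: str, allowed: set) -> bool:
    """True if host equals an allowed domain or is a subdomain of one.

    Suffix matching on '.' + domain prevents 'zoom.us.attacker.example'
    from passing as a Zoom host.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def classify_download(url: str):
    """Return (family, host) if url looks like a known installer, else None."""
    parsed = urlparse(url)
    filename = parsed.path.rsplit("/", 1)[-1]
    for family, pattern in INSTALLER_PATTERNS.items():
        if pattern.search(filename):
            return family, parsed.hostname or ""
    return None


def find_suspicious_downloads(log_lines):
    """Return findings for successful installer GETs from non-vendor hosts."""
    findings = []
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the constructed format
        ts, client, method, url, status = m.groups()
        if method != "GET" or not status.startswith("2"):
            continue  # only completed downloads matter
        hit = classify_download(url)
        if hit is None:
            continue
        family, host = hit
        if not domain_matches(host, VENDOR_ALLOWLIST[family]):
            findings.append({"ts": ts, "client": client, "family": family,
                             "host": host, "url": url})
    return findings


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2026-05-01T09:12:03Z 10.0.4.21 GET https://zoom.us/client/ZoomInstallerFull.exe 200",
    "2026-05-01T09:15:44Z 10.0.4.33 GET https://zoom-download-center.example/ZoomInstaller.exe 200",
    "2026-05-01T10:02:10Z 10.0.7.8 GET https://download.oracle.com/sqldeveloper/sqldeveloper-24.3.1.zip 200",
    "2026-05-01T10:05:31Z 10.0.7.8 GET https://oracle-sqldeveloper-mirror.example/sqldeveloper-setup.exe 200",
    "2026-05-01T10:06:00Z 10.0.7.9 GET https://evil.example/sqldeveloper.exe 404",
    "2026-05-01T10:07:00Z 10.0.7.9 GET https://zoom.us.attacker.example/ZoomSetup.msi 200",
]

if __name__ == "__main__":
    for f in find_suspicious_downloads(SAMPLE_LOG):
        print(f"{f['ts']} {f['client']} {f['family']} installer from "
              f"non-vendor host {f['host']}: {f['url']}")
```

Run against the constructed sample, the script flags three of the six lines: the lookalike Zoom and SQL Developer mirrors and the `zoom.us.attacker.example` host that tries to pass a prefix-match check; the vendor-hosted downloads and the failed 404 fetch are not reported. In production you would feed it real proxy or DNS telemetry and extend the allowlist with your approved software distribution points.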
CyberSE Analysis
This signal maps to malicious AI use: here AI sits on the attacker's side, accelerating backdoor development, rather than being the system under attack. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should still review whether this class of activity could lead to unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure, since a backdoor delivered through a trojanized installer lands with whatever access the compromised user or host already holds.
Recommended Actions
- Alert on or block downloads of installers for Zoom, SQL Developer, and similar tools from domains other than the vendor's own; SEO poisoning depends on users reaching a lookalike download page.
- Treat unsolicited job offers that carry attachments or download links as phishing, and verify installer code signatures against the expected vendor before execution.
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against the AI workflows exposed to these users and hosts.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/05/iranian-hackers-deploy-minifast-and.html