A hacking group linked to Iran, called Nimbus Manticore, has launched a fresh wave of cyberattacks across Europe. Security researchers say this group, also tracked under names like UNC1549 and Smoke Sandstorm, has returned with improved malware and smarter techniques. Earlier it focused more on the Middle East, but this time the spotlight is on Western Europe.

The main targets are in Denmark, Sweden, and Portugal. The group is aiming at industries such as defense, aviation, and telecommunications. These sectors are important because they deal with highly sensitive data and advanced technology. If attackers succeed, they can gain valuable secrets and disrupt key services.

One of the most common tricks used is spear-phishing. The hackers pretend to be recruiters offering jobs. They even build fake career portals that look professional. Each target gets a unique login, which makes the attack harder to spot and easier for the hackers to control. This careful planning shows the group’s growing maturity.

Technically, the malware has also become more advanced. Nimbus Manticore relies on DLL side-loading, where a malicious DLL file is loaded by a trusted program. The malicious code then runs inside what looks like a normal process. Because of this, many security tools struggle to detect the attack in time.

Researchers discovered two main tools: MiniJunk, which acts as a backdoor to keep access, and MiniBrowse, which is used to steal data. To avoid detection, the hackers sign their files with valid certificates, pad them with junk data, and scramble the code. All these steps make it harder for experts to analyze the malware.
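A defender-side sketch for the DLL side-loading and signed-file evasion described above. It is an added example, not code from the researchers or the original article. It assumes image-load telemetry exported as dictionaries with the Sysmon Event ID 7 field names `Image`, `ImageLoaded` and `Signed`; the DLL name list and the sample events are constructed for illustration.

```python
import ntpath

# Assumption: an illustrative set of DLL names that normally load only from the
# Windows system directories; build the real list from a clean baseline.
SYSTEM_DLLS = {"version.dll", "userenv.dll", "dbghelp.dll"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

def side_load_findings(events):
    """Return image-load events that look like DLL side-loading."""
    findings = []
    for ev in events:
        image, loaded = ev["Image"].lower(), ev["ImageLoaded"].lower()
        dll_dir = ntpath.dirname(loaded) + "\\"
        reasons = []
        # A system DLL name resolved from anywhere but the system directories.
        if ntpath.basename(loaded) in SYSTEM_DLLS and not dll_dir.startswith(SYSTEM_DIRS):
            reasons.append("system DLL name outside system directory")
        # The DLL sits beside the executable in a location any user can write to.
        if ntpath.dirname(image) + "\\" == dll_dir and any(p in dll_dir for p in USER_WRITABLE):
            reasons.append("DLL beside executable in user-writable path")
        if reasons:
            # Signature status is reported but never used to clear a finding.
            findings.append({"image": ev["Image"], "loaded": ev["ImageLoaded"],
                             "signed": ev["Signed"], "reasons": reasons})
    return findings

# Constructed sample events (not taken from the campaign).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\example\Setup.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\example\userenv.dll", "Signed": "true"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\userenv.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Vendor\app.exe",
     "ImageLoaded": r"C:\Program Files\Vendor\helper.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for f in side_load_findings(SAMPLE_EVENTS):
        print(f["loaded"], f["signed"], "; ".join(f["reasons"]))
```

Because the files in this campaign carry valid certificates, the check keys on where the DLL was loaded from rather than on whether it is signed.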

The phishing part is also well designed. By offering fake job opportunities, the attackers exploit human curiosity and trust. Since each victim gets a personalized setup, the approach looks more real than mass email spam. This level of detail suggests a professional and well-funded operation.

The danger is not only in stealing information. Defense companies may lose sensitive blueprints, telecom firms could have communication systems compromised, and aviation companies might see critical designs stolen. By shifting to European targets, Nimbus Manticore shows that its goals go beyond regional politics. It is now focusing on long-term espionage.

Experts recommend simple but strong defenses. Employees must be careful with unexpected job offers or strange links. Companies should enforce multi-factor authentication and keep software updated. Monitoring networks for unusual activity and training staff to spot phishing attempts are also important. The latest campaign proves that state-linked hackers are getting smarter, and vigilance is the only way to stay safe.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news