1. Threat Overview
Iranian state-sponsored threat actor Nimbus Manticore uses phishing and SEO poisoning to deploy MiniFast and MiniJunk V2, targeting aviation and software sectors in the US, Europe, and the Middle East.
2. Key Intelligence Points
   1. MiniFast and MiniJunk V2 malware tools are being used in phishing and SEO poisoning attacks.
   2. Targeted sectors include aviation and software, with a focus on organizations in the US, Europe, and the Middle East.
   3. Attack chain involves phishing emails and compromised websites, with potential for persistence through SEO poisoning.
   4. Detection opportunities include monitoring for suspicious email attachments and unusual website traffic patterns.
3. MITRE ATT&CK Techniques
T1566.001 Spearphishing Attachment, T1190 Exploit Public-Facing Application
4. Indicators of Compromise (IOCs) / Affected Systems
MiniFast and MiniJunk V2 malware, phishing emails, compromised websites, SEO poisoning
5. Mitigation & Detection
Implement robust email filtering and phishing detection, monitor website traffic for suspicious activity, and keep software and systems up to date with the latest security patches.