Nimbus Manticore Deploys New Malware Targeting Europe research.checkpoint.com/2025/nimb…

Check Point Research is tracking a long‑running campaign by the Iranian threat actor Nimbus Manticore, which overlaps with UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operations. The ongoing campaign targets defense manufacturing, telecommunications, and aviation that are aligned with IRGC strategic priorities. Nimbus Manticore’s recent activity indicates a heightened focus on Western Europe, specifically Denmark, Sweden, and Portugal. The threat actor impersonates local and global aerospace, defense manufacturing, and telecommunications organizations.The threat actor uses tailored spear‑phishing from alleged HR recruters directing victims to fake career portals. Each target receives a unique URL and credentials, enabling tracking and controlled access of each victim. This approach demonstrates strong OPSEC and credible pretexting.