Iranian Hackers Target US Aviation Sector with Phishing and SEO Poisoning

📌 Iran-linked threat group Nimbus Manticore (also referred to as APT42 or Charming Kitten) has targeted the US aviation sector using phishing campaigns and SEO poisoning to deploy the MiniFast backdoor. The malware, reportedly built with AI-assisted tools, enables persistent access and data exfiltration. The attacks focus on aviation organizations, though specific victims, dates, or technical indicators (e.g., CVE IDs) were not disclosed. The campaign leverages malicious search engine optimization to distribute malware-laden documents and links. No further details on the scale of compromise or operational timeline were provided.