Zet AI‑inzichten om in gerichte actie
Trending
Categories
Iranian Threat Group Uses AI-Enabled ‘MiniFast’ Backdoor to Target U.S. Aviation Sector

Iranian Threat Group Employs AI-Enabled ‘MiniFast’ Backdoor to Target U.S. Aviation Sector
Nimbus Manticore’s Renewed Cyber Campaign
The Iranian state-sponsored threat group Nimbus Manticore has intensified its cyber operations against the U.S. aviation industry by deploying a novel AI-assisted backdoor known as “MiniFast,” according to a report published by Check Point Research. These attacks coincided with the U.S.-Israel military campaign Operation Epic Fury and were observed throughout the Iran war in March 2026. Nimbus Manticore, linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), has a history of targeting defense, telecommunications, and aerospace sectors, previously employing tactics such as fake job offers to infiltrate European firms in 2025. Between 2023 and 2025, the group also conducted operations against aviation and defense organizations across the Middle East, utilizing backdoors including MINIBIKE, TWOSTROKE, and DEEPROOT.
Tactical Evolution and Attack Methodology
The latest campaign represents a significant tactical evolution for Nimbus Manticore. Following the ceasefire in April, the group adopted search engine optimization (SEO) poisoning techniques to impersonate legitimate software, notably Oracle SQL Developer, as a vector to distribute the MiniFast backdoor. This malware, reportedly developed with AI assistance, grants attackers extensive control over compromised systems through API-based communications with command-and-control (C2) servers.
Initial access was gained through career-themed phishing campaigns that impersonated a U.S. domestic airline. Victims were lured into downloading a trojanized Zoom installer via fake meeting invitation links. The malicious ZIP archive, named Zoominstall64.zip, contained components designed for AppDomain hijacking, exploiting a legitimate Microsoft-signed binary (Setup.exe) to execute two loader DLLs (InitInstall.dll and Updater.dll). This sophisticated method allowed the malware to integrate seamlessly with authentic Zoom installation processes, thereby evading detection.
Upon execution, the malware presented a counterfeit installation window while simultaneously launching the genuine Zoom installer. It manipulated scheduled tasks to load additional malicious components, employing AppDomain hijacking once more to execute the second-stage loader and ultimately deploy the MiniFast payload. The malware maintained stealth by verifying process names and parent processes, ensuring persistence through scheduled tasks.
Capabilities and Sectoral Impact
MiniFast conducts comprehensive system reconnaissance and remains in communication with its C2 server, transmitting data in JSON format while masquerading as Chrome browser traffic to avoid suspicion. The backdoor supports a wide array of malicious functions, including file management, data exfiltration, shell command execution, and the creation of further scheduled tasks.
The emergence of AI-enabled threats such as MiniFast has intensified cybersecurity concerns within the aviation sector. Industry stakeholders are responding by enhancing security protocols and investing in advanced threat detection technologies. This heightened risk environment has contributed to increased insurance premiums for aviation companies, while competitors are collaborating on shared threat intelligence and developing more resilient cybersecurity frameworks to counteract similar attacks.
Check Point Research’s findings highlight the advancing sophistication of Iranian cyber threat actors and the growing role of AI in facilitating complex cyberattacks, prompting renewed scrutiny of cybersecurity defenses in critical infrastructure sectors.

Aviation Kerosene Deliveries to Russian Airports Placed Under Interdepartmental Control

IAG Partners with Verve Motion to Test Exosuits for Baggage Handlers

Airbus Strike in Getafe Disrupts Deliveries

Airline That Introduced Low-Cost Long-Haul Widebody Service Ends the Model

The Challenges and Prospects of ASEAN Aviation in 2026

Archer Aviation Escalates Patent Dispute with Joby as Delta Voices Concerns

Etihad Close to Ordering 10 Additional Boeing 787 Dreamliners

Kenya Airways Returns Boeing 777-300ER to Turkish Airlines After Lease Ends

California Developers Construct Vertiports Ahead of Air Taxi Approval
