
Nimbus Manticore Western Europe critical infrastructure targeting campaign

Campaign
Happening score: 40
1 unique source, 2 articles

Summary


The Nimbus Manticore campaign now targets critical infrastructure in Western Europe, expanding the group's reach beyond the Middle East and increasing the risk of credential theft, persistence, and data exfiltration. The operation uses spear-phishing lures that mimic HR recruiters and routes victims to fake job pages tied to airline, aerospace, and defense brands. It matters because the malware chain is built to keep access covert while harvesting credentials and staging additional payloads.

Related Happenings

Silver Fox South Asia phishing campaign

Campaign
First: 24.03.2026 18:00 Last: 24.03.2026 18:00 Sources 1

About this happening: The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...

Contagious Interview cryptocurrency social-engineering and malware-delivery campaign

Campaign
First: 23.03.2026 20:09 Last: 23.03.2026 20:09 Sources 1

About this happening: A **North Korean** cluster behind **Contagious Interview / WaterPlum** is running a coordinated **malware campaign** against **cryptocurrency professionals**, increasing the risk...

DarkSword operators phishing and watering-hole campaign

Campaign
First: 18.03.2026 23:15 Last: 18.03.2026 23:15 Sources 1

About this happening: **DarkSword** operators ran a **cross-border phishing and watering-hole campaign** using an **iPhone exploit chain** against users in **Saudi Arabia** and **Ukraine**, with additi...

UAC-0050 spear-phishing campaign targeting European financial institutions

Campaign
First: 24.02.2026 16:21 Last: 24.02.2026 16:21 Sources 1

About this happening: The **UAC-0050** spear-phishing operation targeted a **European financial institution**, raising concern that the actor is extending its reach beyond **Ukraine** into **Western Eu...

CRESCENTHARVEST Windows RAT and info-stealer activity

Malware Activity
First: 19.02.2026 10:13 Last: 19.02.2026 10:13 Sources 1

About this happening: The **CRESCENTHARVEST** malware activity centers on **version.dll**, a **Windows RAT and information stealer** that can execute commands, log keystrokes, and exfiltrate data. It m...

Timeline

  1. 23.09.2025 00:00 3 articles · 8mo ago

    Nimbus Manticore Western Europe campaign disclosure

    Initial Disclosure

    Nimbus Manticore, overlapping with UNC1549 / Smoke Sandstorm, is reported to have expanded beyond the Middle East to target critical infrastructure organizations in Western Europe, including defense manufacturing, telecommunications, and aviation organizations in Denmark, Portugal, and Sweden. The campaign uses MiniJunk and MiniBrowse, compiler-obfuscated malware, SSL.com-signed binaries since at least May 2025, highly tailored spear-phishing emails posing as HR recruiters, fake job-related login pages tied to Airbus, Boeing, Flydubai, and Rheinmetall, and a multi-stage sideloading chain to establish persistence and exfiltrate data.
