Iranian Espionage Comedy: UNC1549’s Sneaky Backdoor Antics in Aerospace!
Iranian threat actors are back at it, deploying backdoors like TWOSTROKE and DEEPROOT to target aerospace and defense in the Middle East. Dubbed UNC1549, these cyber sleuths are the Houdinis of hacking, using trusted third-party relationships like a Trojan horse to infiltrate and outsmart even the most robust defenses.

Hot Take:
Well, it looks like the espionage game is afoot and Iran’s got its eyes on the skies. If you’re in aerospace, aviation, or defense in the Middle East, don’t just look up for flying saucers — you might want to check your servers for Nimbus Manticore! With backdoors like TWOSTROKE and DEEPROOT, these threat actors are sneaking in and out like a ninja at a sleepover. Better call your IT department because these attacks are more sophisticated than your grandma’s knitting patterns. So, if you thought your firewall was as invincible as your grandma’s fruitcake, it might be time for an upgrade!
Key Points:
- UNC1549, also known as Nimbus Manticore, is the group behind the attacks.
- They gain initial access through clever techniques, including abusing trusted third-party relationships.
- The threat actors employ a variety of backdoors (including TWOSTROKE and DEEPROOT) and custom tools for espionage.
- Tactics include credential harvesting, lateral movement, and information theft.
- The campaign employs stealth tactics to maintain long-term persistence.
