
Iran's IRGC Hackers Shipped a New Backdoor Mid-War. Check Point Says an AI Helped Write It.

LDS Team, Let's Data Science (10 min read)
Three Nimbus Manticore campaign waves rolled out from February through April, each with new tooling. The IRGC-linked group built a backdoor called MiniFast while Operation Epic Fury was active, and Check Point Research says the code carries the telltale signs of AI-assisted development.

On February 28, 2026, the United States and Israel launched Operation Epic Fury against Iran. The kinetic war ran until May 5. The cyber war, according to a Check Point Research report published last week, never paused for it.

Nimbus Manticore is an Iranian state-sponsored hacking group that Google's Mandiant tracks as UNC1549 and Palo Alto Networks tracks as Screening Serpens. Check Point has watched the group for years. The group reports to the Islamic Revolutionary Guard Corps. Its historic targets are defense contractors, telecom operators, and aviation firms in the Middle East and Europe.

What changed in 2026, according to the company's threat intelligence team, was the speed. Three distinct campaign waves rolled out between February and April, each with new tooling. The middle wave introduced a previously unseen backdoor that Check Point named MiniFast. The April wave introduced a new delivery method for it: SEO poisoning, with a fake Oracle SQL Developer download page pushed to the top of Bing and DuckDuckGo.

"They built and deployed a brand-new backdoor mid-conflict while operations were actively underway." — Sergey Shykevich, Threat Intelligence Group Manager at Check Point Research (Check Point, May 22, 2026)

That speed, Check Point assesses, was not entirely human.

What Tells the Researchers an AI Helped Write the Code

The MiniFast backdoor itself is a 64-bit Windows DLL. It exposes a single function, CheckForUpdates, that serves as the malware's entry point. It talks to its command-and-control server over HTTP with JSON envelopes, disguises its traffic with a Chrome 146 user-agent string, and supports 17 commands ranging from file uploads to privilege escalation.

In isolation, none of that is novel. What is novel is what the source code looks like.

Check Point's analysts list four code-level characteristics they found embedded throughout MiniFast and its loaders:

  • Excessive error handling and defensive programming. Wrapper functions and try/catch blocks even around trivial calls such as GetUserName, which almost never fail in practice.
  • Verbose, descriptive function names. Repetitive identifiers that read like the output of a model instructed to "produce clear, self-documenting code."
  • Detailed error-reporting strings. Debug-style status messages embedded throughout the codebase, useful for development feedback, useless to an attacker trying to stay quiet on a compromised host.
  • Modular code organization. The implant is structurally elegant in a way that the malware's overall simplicity does not warrant.

Each of these patterns, on its own, is a habit a senior engineer might cultivate. Together, they form the same fingerprint that security teams have been documenting in legitimate codebases since GitHub Copilot landed in 2021: code that is more careful, more verbose, and more modular than a human writing under deadline pressure would bother to make it.
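As an added illustration, not code from Check Point or from the report, here is a small Python scorer that measures three of the four markers (try/catch density, function-name verbosity, embedded status strings) on two constructed C++-style samples, one written in the verbose style described above and one terse, and flags only when the markers co-occur. The samples, regexes and thresholds are assumptions made for the demonstration, not Check Point's detection logic, and neither sample is MiniFast's source.

```python
import re
# Constructed C++-style samples: illustrative stand-ins for the style contrast
# the report describes, not MiniFast's real source.
VERBOSE_SAMPLE = r'''
std::string GetCurrentUserNameSafely() {
    try {
        char buffer[256]; DWORD size = sizeof(buffer);
        if (!GetUserNameA(buffer, &size))
            LogStatusMessage("ERROR: GetUserNameA failed while reading the user name");
        return std::string(buffer);
    } catch (...) {
        LogStatusMessage("ERROR: unexpected exception in GetCurrentUserNameSafely");
        return "";
    }
}
'''
TERSE_SAMPLE = r'''
std::string user() {
    char b[256]; DWORD n = sizeof(b);
    GetUserNameA(b, &n); return b;
}
'''
KEYWORDS = {"if", "while", "for", "switch", "catch", "sizeof", "return", "else"}
STRING_LIT = re.compile(r'"(?:[^"\\]|\\.)*"')
FUNC_DEF = re.compile(r"^\s*[\w:<>*&]+\s+\w+\s*\([^)]*\)\s*\{", re.M)
CALL_NAME = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
STATUS_WORDS = re.compile(r"ERROR|failed|exception|success", re.I)

def style_fingerprint(src: str) -> dict:
    """Measure three of the four markers per function definition: try/catch
    density, function-name verbosity and embedded status strings."""
    literals = STRING_LIT.findall(src)
    code = STRING_LIT.sub('""', src)          # count identifiers outside strings only
    n_funcs = max(1, len(FUNC_DEF.findall(code)))
    names = [n for n in CALL_NAME.findall(code) if n not in KEYWORDS]
    avg_name_len = sum(map(len, names)) / len(names) if names else 0.0
    try_blocks = len(re.findall(r"\btry\s*\{", code))
    status_msgs = sum(1 for s in literals if STATUS_WORDS.search(s))
    return {"try_per_func": try_blocks / n_funcs,
            "avg_name_len": round(avg_name_len, 1),
            "status_per_func": status_msgs / n_funcs}

def looks_llm_polished(src: str) -> bool:
    """Flag only when all markers co-occur (thresholds are constructed, not
    Check Point's); any one alone is an ordinary engineering habit."""
    f = style_fingerprint(src)
    return (f["try_per_func"] >= 1 and f["avg_name_len"] >= 12
            and f["status_per_func"] >= 1)
```

The verbose sample trips all three thresholds while the terse one trips none, which is the co-occurrence argument the report makes; a real triage pipeline would run this over decompiler output rather than hand-written snippets.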

The Three Waves of the Operation

Check Point divides the operation into three distinct phases, each with a different lure, a different delivery vehicle, and a steady upward curve in operational sophistication.

FEBRUARY 2026 / RISING TENSION: First wave hits Saudi Arabia and Australia
Career-themed phishing lures impersonating Accenture target employees at software and aviation firms. Payload arrives in a ZIP hosted on OnlyOffice. The infection chain replaces older DLL sideloading with AppDomain Hijacking, dropping an updated MiniJunk backdoor.

FEBRUARY 28, 2026 / OPERATION EPIC FURY BEGINS: US-Israeli campaign launches against Iran
Kinetic operations begin. Nimbus Manticore activity intensifies rather than stopping. New infrastructure is registered, new code is written, new lures are launched.

MARCH 2026 / DURING THE WAR: MiniFast backdoor debuts via trojanized Zoom installer
A weaponized Zoom installer arrives via fake meeting invitations. The malware hijacks the legitimate Zoom scheduled task for persistence, then dynamically loads the new MiniFast payload. Files are signed with valid SSL.com certificates issued to Gray Matter Software S.R.L. and Kirubel Kerie Negeya.

APRIL 2026 / POST-CEASEFIRE: SEO poisoning replaces spear phishing
A fake Oracle SQL Developer download site, getsqldeveloper[.]com, ranks at the top of Bing and DuckDuckGo. Dozens of supporting domains amplify it. Database developers searching for the tool download MiniFast instead.

MAY 5, 2026 / CEASEFIRE: US Central Command declares Operation Epic Fury complete
Active hostilities end. The Nimbus Manticore SEO campaign continues serving MiniFast through April and into May.

MAY 22, 2026 / DISCLOSURE: Check Point publishes the operation breakdown
A parallel report from Palo Alto Networks Unit 42 confirms targeting of US, Israeli, UAE, and broader Middle East entities, including a US oil and gas firm.

How SEO Poisoning Replaced the Spear Phish

For years, Nimbus Manticore's signature move was the fake job offer. A defense engineer in Israel or the UAE would receive a recruiter email, click an OnlyOffice link, and end up unpacking a ZIP file with a legitimately signed Setup.exe next to a malicious DLL. The pattern has been documented since at least 2024 and tracked under the name "Iranian Dream Job," a deliberate echo of the North Korean Lazarus group's "Operation Dream Job."

In April 2026, the group tried something new.

A domain named getsqldeveloper[.]com appeared, hosting a copy of the Oracle SQL Developer download page. The site itself was unremarkable. What surrounded it was not. According to Check Point, the threat actor registered dozens of supporting domains that linked back to the page, pushing its reputation upward in search ranking algorithms. By the time Check Point pulled the site apart, it ranked at the top of Bing and DuckDuckGo for the query "sql developer."

A database developer searching for the tool would click the result, download the installer, and execute it. The installer dropped MiniFast.

"They built a fake SQL Developer download page and pushed it to the top of Bing and DuckDuckGo. No spearphishing, no fake job offer, just waiting for a developer to search for common software." — Sergey Shykevich, Threat Intelligence Group Manager at Check Point Research (Check Point, May 22, 2026)

The pivot is meaningful. A spear-phishing campaign requires the operator to choose a target, research them, and write a convincing pretext. SEO poisoning requires the operator to choose a tool the target population probably uses, then wait. The first is a sniper rifle. The second is a fishing net cast in well-stocked water.

What the AI Angle Actually Means for Defenders

Check Point's report is one of several published in recent months that document state-sponsored threat actors using AI assistants to build offensive tooling faster. Anthropic's own threat report in November 2025 described Chinese state-affiliated activity that used Claude to support 16 million automated attack interactions. Google's Threat Analysis Group has logged similar patterns across multiple adversaries. The Nimbus Manticore findings, corroborated by a parallel report from Palo Alto Networks Unit 42 on the same activity cluster, push the trend one step further: the AI is now visible in the malware itself.

That visibility matters for two practical reasons.

First, it changes the economic model of state-sponsored hacking. A team that previously needed weeks to develop a new backdoor can now ship one in days. The same Check Point team that documented Iranian operations during the war noted that the threat actor did not slow down during the conflict. It accelerated. The capacity to ship new tooling on a wartime tempo, while a country's physical infrastructure is being targeted, is exactly what AI-assisted development buys.

Second, it gives defenders a new family of detection signals. The verbose error handling and the descriptive function names that look like Copilot habits in a developer's IDE look the same in a malware sample. Static analysis that pattern-matches on code style, an approach security vendors have resisted for years because of false positives, suddenly has a reason to be reconsidered.

The Other Side

Not every researcher accepts the AI-assisted framing without caveats. The signals Check Point lists are characteristic of LLM-generated code, but they are also characteristic of code written by a careful engineer using a static analyzer like SonarQube or running a linter on save. Excessive error handling can be a corporate code-review requirement. Modular structure can be the consequence of a team standard. The case for AI assistance in Check Point's report rests on the combination of signals appearing together inside malware whose underlying logic is simple enough that none of the polish is operationally necessary.

There is also a question of attribution confidence. Nimbus Manticore is well documented, and the certificate reuse and infrastructure overlap Check Point lists make this campaign a clear fit. But the same coding patterns are now turning up in samples attributed to multiple state actors across multiple geographies. Calling AI-assisted development a Nimbus Manticore signature requires assuming the group did not borrow the style from publicly leaked tooling, or vice versa. Check Point's report is careful on this point: it assesses with reasonable confidence, not certainty, that the development pipeline involved AI tooling.

What Practitioners Should Do This Week

For data scientists and ML engineers who download developer tools regularly, the SEO poisoning angle is the most actionable part of this story. The MiniFast installer impersonated SQL Developer, but the same pattern works for any tool a target population is likely to search for: TensorFlow CUDA installers, Anaconda, JupyterLab, MLflow, PyTorch Lightning.

The action list from the Check Point report and the parallel Unit 42 guidance:

  • Download dev tools only from vendor-controlled URLs. Bookmark them. Do not search for the installer when you can navigate directly.
  • Verify digital signatures even on signed binaries. The MiniFast loaders carried valid SSL.com certificates issued to Gray Matter Software S.R.L. and Kirubel Kerie Negeya. A valid signature confirms the certificate was paid for. It does not confirm the publisher is who they appear to be.
  • Treat scheduled tasks named ZoomUpdateTask... and WindowsSecurityUpdate as suspect unless you can confirm the source. MiniFast hijacks the former for persistence and installs the latter as its second-stage callback.
  • Block the indicators of compromise Check Point published, including the 27 file hashes and 27 domains listed in the report's appendix.

For broader context on the security side of AI development, see the TrapDoor supply chain campaign that targeted CLAUDE.md files, the PyTorch Lightning compromise that closed in 42 minutes, and the LiteLLM backdoor that handed attackers 95 million monthly downloads.

If You Use SQL Developer

Check whether any installer you have downloaded since April 2026 came from getsqldeveloper[.]com or one of its supporting domains. If yes, treat the host as compromised, rotate every credential the user account could touch, and review the IOC list in the Check Point report's appendix.
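An added Python example of that check, not code from the Check Point report: it scans download-history records for getsqldeveloper[.]com and a set of supporting domains from April 2026 onward, treating subdomains as matches but not look-alike hosts that merely embed the domain. The sample records and the placeholder supporting domains are constructed; substitute the domain list from the report's appendix.

```python
from datetime import datetime
from urllib.parse import urlsplit

# getsqldeveloper[.]com is from the report; the other entries are constructed
# placeholders standing in for the supporting domains in the report's appendix.
POISONED_DOMAINS = {"getsqldeveloper.com",
                    "supporting-domain-placeholder-1.example",
                    "supporting-domain-placeholder-2.example"}
CAMPAIGN_START = datetime(2026, 4, 1)  # April 2026, per the report

# Constructed download-history records: (ISO timestamp, source URL, saved file).
SAMPLE_DOWNLOADS = [
    ("2026-03-12T09:14:00", "https://vendor.example/sqldeveloper-24.3.zip", "sqldeveloper-24.3.zip"),
    ("2026-04-18T15:02:31", "https://www.getsqldeveloper.com/dl/sqldeveloper-x64.zip", "sqldeveloper-x64.zip"),
    ("2026-04-20T10:40:00", "https://cdn.supporting-domain-placeholder-1.example/SQLDeveloper.exe", "SQLDeveloper.exe"),
    ("2026-02-02T08:00:00", "https://getsqldeveloper.com/sqldeveloper.zip", "sqldeveloper.zip"),  # before April
    ("2026-05-01T12:00:00", "https://getsqldeveloper.com.notreally.example/sqldev.zip", "sqldev.zip"),  # look-alike
]

def matching_ioc(host: str, domains=POISONED_DOMAINS):
    """Return the poisoned domain that `host` equals or is a subdomain of, else None.
    Suffix matching on '.domain' rejects hosts that merely start with the domain."""
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None

def flag_downloads(records, domains=POISONED_DOMAINS, since=CAMPAIGN_START):
    """Return downloads from a poisoned domain on or after the campaign start."""
    flagged = []
    for ts, url, saved in records:
        host = (urlsplit(url).hostname or "").lower()   # strips userinfo, port, case
        hit = matching_ioc(host, domains)
        if hit and datetime.fromisoformat(ts) >= since:
            flagged.append({"when": ts, "host": host, "file": saved, "ioc": hit})
    return flagged

def main():
    hits = flag_downloads(SAMPLE_DOWNLOADS)
    for h in hits:
        print(f"{h['when']}  {h['file']}  from {h['host']}  (matches {h['ioc']})")
    if hits:
        print("Treat the host as compromised and rotate every credential the account could touch.")

if __name__ == "__main__":
    main()
```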

The Bottom Line

The story most observers will pull from this report is that Iranian state hackers used AI to write malware faster. That is true, and it matters. The deeper story is that the line between AI in offense and AI in defense is being drawn right now, in code samples being reverse-engineered in Tel Aviv and Santa Clara, and the same Copilot habits that make a junior engineer more productive are turning into the fingerprints of state-sponsored intrusion.

Check Point's report runs to several thousand words of analysis. The core of it, the part defenders will be quoting for the rest of 2026, fits in one sentence from the group manager: "The conflict didn't slow them down. It actually accelerated them."

The next time a major incident-response timeline reads "first sample observed Wednesday, second variant Thursday, fully different family Friday," the working assumption will not be that the group hired more developers. It will be that the developers got a copilot.
