Analysis defencecritical-infrastructure
UNC1549: Iran's Persistent Aerospace and Defence Espionage Operation
UNC1549 — tracked as Screening Serpens and Nimbus Manticore by different intelligence vendors — is an IRGC-affiliated Iranian APT conducting sustained espionage against aerospace, defence, and telecommunications targets. Their recent expansion to European targeting, adoption of Azure and cloud C2 infrastructure, and novel AppDomainManager injection technique make them a growing concern beyond their traditional Middle East focus.