New Screening Serpens Cyberattacks Target Global Technology Professionals

Unit 42 reports a mid-February–April 2026 Iran-linked APT campaign dubbed Screening Serpens (also tracked as UNC1549/Smoke Sandstorm) targeting organizations in the US, Israel, the UAE and other Middle Eastern entities; operators use highly tailored recruitment lures and spoofed meeting invites to deliver malware that abuses DLL sideloading and .NET AppDomain Manager hijacking to install six newly observed RAT variants (grouped into two malware families) for persistent access and data exfiltration, and defenders are advised to tune EDR to detect these execution behaviors.