Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns

Unit 42 documents a series of coordinated cyberespionage campaigns (Feb–Apr 2026) by the Iran-linked APT "Screening Serpens" that deployed two RAT families (MiniUpdate and MiniJunk V2) against targets in the U.S., Israel, the UAE and other Middle Eastern entities; the report details tailored social-engineering lures, DLL sideloading, advanced .NET AppDomainManager hijacking to disable ETW and strong-name checks, persistence mechanisms, C2 infrastructure, and provides IOCs and defensive guidance.