Internet of Things (IoT) network is vulnerable to various cyberattacks, especially insider attacks. Most existing studies mainly detect nontargeted insider attackers, who manipulate all packets forwarded by them with a probability. Compared with nontargeted attackers, targeted attackers only manipulate specific packets, which makes them more efficient and covert. In this article, we propose a targeted insider attack model called conditional packets manipulation attack (CPMA), in which attackers maliciously manipulate the packets whose attribute values meet specific conditions with a probability. When resisting the CPMA attack, most existing detection algorithms are inefficient to find such malicious behavior. Also, they detect malicious nodes by collecting and analyzing the overall behavior of nodes, which are not appropriate for energy-constrained nodes in the IoT network. To solve these problems, we present CPMAED, a malicious nodes detection framework against CPMA attack. CPMAED maintains some partial trust metrics for each relay node, which indicate the probability of launch attacks when forwarding the packets with different attribute values. Also, our scheme leverages regression and clustering algorithms to evaluate the trust values of nodes and classify them into benign or malicious. In order to obtain higher detection accuracy, we optimize the routing of transmitted packets and inject the packets to collect more information about nodes to enhance detection. The experimental results show that our proposed scheme utilizing support vector machine and $K$ -means can achieve good detection performance and identify malicious nodes’ attack modes with high accuracy.