Feeds.Feedburner
Cavern Manticore: New Iranian C2 Framework Targets Israeli Organizations
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In early 2026, Check Point Research identified a new modular command-and-control framework named Cavern, linked to the Iranian APT group Cavern Manticore. This framework primarily targets Israeli organizations, focusing on IT providers and government sectors. The Cavern framework utilizes a .NET foundation with multiple compilation formats, including .NET Framework, Mixed-Mode C++/CLI, and .NET Native AOT, which serve as an anti-analysis layer. The attack vector often exploits SysAid's software update feature to deploy a trojanized DLL that installs the Cavern Agent. This agent connects to a C2 server to download additional modules for reconnaissance, data theft, and lateral movement. The attackers have been observed leveraging trusted relationships within the software supply chain to move between IT providers. The framework's modular architecture allows for tailored deployments, enhancing the threat's effectiveness. Current investigations continue to monitor the activities of this APT group.
Key Points: • Cavern Manticore is an Iranian APT group targeting Israeli IT and government sectors. • The Cavern framework employs a modular architecture with multiple .NET compilation formats. • Attacks often begin by exploiting SysAid's software update feature to deploy malicious DLLs.