Feeds.Feedburner
Iranian APT Groups Target Israeli Organizations with Modular C2 Frameworks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular command-and-control (C2) framework built on a .NET foundation, utilizing various compilation formats to evade detection. The attacks often exploit vulnerabilities in legitimate software, such as SysAid, to deploy trojanized DLLs that enable further exploitation. The OilRig group has been active since 2014, previously targeting similar sectors with custom malware like the Solar and Mango backdoors. The campaigns have been characterized by their focus on reconnaissance, data theft, and lateral movement within compromised networks. Both groups are linked to Iran's Ministry of Intelligence and Security, highlighting the geopolitical implications of these cyber operations. Current assessments indicate that these threats are ongoing, with significant risks to Israeli infrastructure.
Key Points: • Cavern Manticore uses a sophisticated modular C2 framework targeting Israeli IT and government sectors. • Both Cavern Manticore and OilRig are linked to Iran's Ministry of Intelligence and Security. • The attacks exploit legitimate software vulnerabilities to deploy trojanized components for further exploitation.