Iranian APT Groups Target Israeli Organizations with Modular C2 Frameworks

Iranian APT Groups Target Israeli Organizations with Modular C2 Frameworks

First seen 7 Jul 2026, 00:59 UTC Research.CheckpointFeeds.FeedburnerQpulse.QuasarcybertechGbhackersHostcay+6 87% similarity 75.5

Article Content

Browse articles
ThreatCluster

In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular command-and-control (C2) framework built on a .NET foundation, utilizing various compilation formats to evade detection. The attacks often exploit vulnerabilities in legitimate software, such as SysAid, to deploy trojanized DLLs that enable further exploitation. The OilRig group has been active since 2014, previously targeting similar sectors with custom malware like the Solar and Mango backdoors. The campaigns have been characterized by their focus on reconnaissance, data theft, and lateral movement within compromised networks. Both groups are linked to Iran's Ministry of Intelligence and Security, highlighting the geopolitical implications of these cyber operations. Current assessments indicate that these threats are ongoing, with significant risks to Israeli infrastructure.

Key Points: • Cavern Manticore uses a sophisticated modular C2 framework targeting Israeli IT and government sectors. • Both Cavern Manticore and OilRig are linked to Iran's Ministry of Intelligence and Security. • The attacks exploit legitimate software vulnerabilities to deploy trojanized components for further exploitation.

ThreatCluster AI

Timeline

2026-01-01
Cavern Manticore identified
Check Point Research tracked the Cavern Manticore framework targeting Israeli organizations, focusing on IT and government sectors.
Research.Checkpoint
2026-07-06
Cavern framework details revealed
The Cavern framework was described as modular and built on .NET, utilizing multiple compilation formats for anti-analysis.
Research.Checkpoint
2026-07-06
Cavern Manticore attacks reported
Reports confirmed the use of the Cavern framework against Israeli organizations, highlighting its stealthy reconnaissance capabilities.
Feeds.Feedburner
2026-07-07
OilRig campaigns analyzed
ESET researchers published an analysis of OilRig's Outer Space and Juicy Mix campaigns, confirming their targeting of Israeli organizations.
Article 1

Community

Browse all →