New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors
ID: b27363af-0d80-53d5-be11-392a550484e0
STIX ID: report--b27363af-0d80-53d5-be11-392a550484e0
Feed Name: Infosecurity Magazine (News)
Check Point Research identified a new Iran-linked threat group called Cavern Manticore active since early 2026 against Israeli government and IT targets; the actor abuses RMM and browser-based remote desktop tools (including SysAid update abuse) to deploy a modular .NET-based C2 framework composed of a persistent Cavern agent and separate Cavern modules for post-exploitation, employs strong evasion (multiple .NET compilation formats, per-module AppDomain isolation, XOR/Base64 obfuscation), and shows overlaps with MuddyWater/Lyceum, with attacker infrastructure (e.g., hospitalinstallation.com, cac.aspx) tied to an Iranian hosting provider.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
