Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Iranian Hackers Exploit SysAid for Stealthy Attacks

Iranian Hackers Exploit SysAid for Stealthy Attacks

Posted on July 7, 2026 By CWS

An Iranian-affiliated hacker group, known as Cavern Manticore, has been identified leveraging common IT tools to introduce malware into Israeli systems. This latest operation highlights the evolving tactics attackers use to blend into trusted environments.

Creative Use of Trusted Software

Cavern Manticore’s current campaign exemplifies how attackers can utilize familiar software to mask malicious intentions. Instead of exploiting obvious security gaps, the group employs SysAid, a popular remote monitoring and management (RMM) platform, to distribute a bogus software update. This update includes a seemingly legitimate file that secretly executes harmful code through a method called DLL sideloading.

Security experts from Check Point uncovered this operation following irregular activities linked to IT service companies in Israel. The hackers initially compromised one IT provider, subsequently moving to another, before finally targeting their primary objective.

Modular Malware Design

According to a report from Check Point shared with Cyber Security News, the malware, dubbed Cavern, is built on a modular framework. This allows its components to be interchanged based on the attackers’ objectives. Some modules facilitate communication, while others are tailored for data theft, database exploration, or probing networks. This modularity enables the attackers to customize each breach without needing to redesign the entire malware.

The complexity of Cavern is heightened by its use of three distinct compilation methods for identical code, each requiring different analysis tools. This strategy complicates efforts by defenders to decode the malware’s functionality.

Targets and Techniques

Cavern Manticore appears to focus on Israeli entities, particularly those in government and IT sectors. Targeting IT service providers is strategic, as these companies often have access to other organizations, serving as ideal conduits to more secure targets.

Investigations have traced their infrastructure to a domain registered with an Iranian hosting service, reinforcing suspicions of state-sponsored activity. Links to Iranian groups like MuddyWater and Lyceum further substantiate this theory.

Organizations are advised to scrutinize how RMM tools are utilized, as attackers increasingly exploit trusted administrative channels. Monitoring logs and file activity, particularly concerning uxtheme.dll, can help detect suspicious activities early.

Implications and Recommendations

This incident underscores the potential for trusted software to be weaponized when exploited creatively. Cavern Manticore’s systematic approach, from exploiting supply chains to employing evasion tactics, demonstrates a level of patience and sophistication that organizations must address.

Security teams should focus on behavioral patterns and infrastructure clues rather than fixed indicators, as the malware’s behavior can vary. Strengthening defenses proactively can prevent critical incidents and financial losses, emphasizing the need for a live threat feed integration from security operations centers.

Cyber Security News Tags:Cavern Manticore, cyber attack, Cybersecurity, DLL Sideloading, Iranian hackers, Israeli networks, IT security, Malware, remote management, SysAid

Post navigation

Previous Post: Critical Linux Vulnerability Threatens Intel and AMD Systems
Next Post: Keyfactor Secures $1 Billion Boost for AI and Security

Related Posts

Payouts King Emerges as New Ransomware Menace Payouts King Emerges as New Ransomware Menace Cyber Security News
Chrome’s Privacy Risks: Fingerprinting and Header Leaks Chrome’s Privacy Risks: Fingerprinting and Header Leaks Cyber Security News
Meta Found a New Way to Track Android Users Covertly via Facebook & Instagram Meta Found a New Way to Track Android Users Covertly via Facebook & Instagram Cyber Security News
AI Phishing Is Your Company’s Biggest Security Risk in 2026 AI Phishing Is Your Company’s Biggest Security Risk in 2026 Cyber Security News
GlassWorm Malware Expands Through 73 New Sleeper Extensions GlassWorm Malware Expands Through 73 New Sleeper Extensions Cyber Security News
Rising Threat of Cybersquatting in Cybersecurity Rising Threat of Cybersquatting in Cybersecurity Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark