Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Iranian Cyber Attackers Deploy Versatile C&C System

Iranian Cyber Attackers Deploy Versatile C&C System

Posted on July 7, 2026 By CWS

An advanced persistent threat (APT) group connected to Iran has been utilizing a sophisticated command-and-control (C&C) system in their recent cyber assaults aimed at Israeli organizations, as reported by Check Point.

Identifying the Threat: Cavern Manticore

The group, identified as Cavern Manticore, targets governmental bodies and IT service providers. Analysts suggest a link to Iran’s Ministry of Intelligence and Security (MOIS) and possible affiliations with OilRig, also known as Lyceum, Hexane, and SiameseKitten.

Cavern Manticore employs a versatile C&C framework designed with .NET technology and various compilation formats, serving as a defensive layer against analysis efforts.

Complexity in Cyber Tactics

Instead of using traditional obfuscation methods like packing or string encryption, the group employs distinct compilation formats that require different tools and workflows for analysis, complicating efforts to reverse-engineer their operations.

The framework’s components function as agents and modules, differentiating core communication tasks from capabilities post-compromise, allowing for customized deployment per target and enhancing access to breached systems.

Intrusion and Movement Techniques

The initial stage of the intrusion involves exploiting SysAid’s software update mechanism to sideload a WinDirStat DLL, triggering the Cavern agent’s execution.

Once C&C communication is established, the agent retrieves additional modules based on instructions from the operators. These modules enable file management, database operations, network reconnaissance, and more, utilizing both managed and native modules.

Modules are loaded into separate AppDomains, which are terminated upon unloading, effectively removing analysis artifacts. The agent also cleans the working directory of all files except essential communication and configuration files.

Human Involvement and Strategic Insights

Check Point indicates that while the Cavern framework may have been developed using AI, the presence of code comments, typographical errors, and inconsistent naming conventions point to significant human involvement.

In attacks on Israeli targets, the APT leveraged remote monitoring tools for lateral movement, utilized browser-based remote desktop technologies for accessing victim environments, and exploited features like remote printing for data theft.

Recent operations imply that the threat actors possess a deep understanding of Israel’s complex IT supply chains, as evidenced by their movement from initially compromised IT providers to secondary targets, eventually reaching the intended organizations.

The ongoing cyber campaigns highlight the evolving threat posed by Iranian state-linked groups, underscoring the need for robust cybersecurity measures to safeguard against such sophisticated attacks.

Security Week News Tags:APT, Cavern Manticore, Check Point, command-and-control, Cybersecurity, data exfiltration, Iranian hackers, Israel, IT security, modular framework, MOIS, OilRig, remote monitoring, SysAid, WinDirStat

Post navigation

Previous Post: AI’s Impact on Software Supply Chain Security
Next Post: Windows 11 26H2 Enhances Backup Policy by Default

Related Posts

iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals Security Week News
Ivanti Patches Exploited EPMM Zero-Days Ivanti Patches Exploited EPMM Zero-Days Security Week News
Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack Security Week News
Ransomware Groups May Shift Back to Encryption Strategies Ransomware Groups May Shift Back to Encryption Strategies Security Week News
FBI Security Breach, Iranian Camera Hack, and More Cyber Developments FBI Security Breach, Iranian Camera Hack, and More Cyber Developments Security Week News
Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show
  • Critical Flaw in AI Platform Writer Poses Security Risks
  • MCP Servers Found with Thousands of Security Flaws
  • Microsoft Device Code Phishing Campaign Targets M365 Accounts

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show
  • Critical Flaw in AI Platform Writer Poses Security Risks
  • MCP Servers Found with Thousands of Security Flaws
  • Microsoft Device Code Phishing Campaign Targets M365 Accounts

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark