Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Iranian Hackers Exploit SysAid for Stealthy Attacks

Iranian Hackers Exploit SysAid for Stealthy Attacks

Posted on July 7, 2026 By CWS

An Iranian-affiliated hacker group, known as Cavern Manticore, has been identified leveraging common IT tools to introduce malware into Israeli systems. This latest operation highlights the evolving tactics attackers use to blend into trusted environments.

Creative Use of Trusted Software

Cavern Manticore’s current campaign exemplifies how attackers can utilize familiar software to mask malicious intentions. Instead of exploiting obvious security gaps, the group employs SysAid, a popular remote monitoring and management (RMM) platform, to distribute a bogus software update. This update includes a seemingly legitimate file that secretly executes harmful code through a method called DLL sideloading.

Security experts from Check Point uncovered this operation following irregular activities linked to IT service companies in Israel. The hackers initially compromised one IT provider, subsequently moving to another, before finally targeting their primary objective.

Modular Malware Design

According to a report from Check Point shared with Cyber Security News, the malware, dubbed Cavern, is built on a modular framework. This allows its components to be interchanged based on the attackers’ objectives. Some modules facilitate communication, while others are tailored for data theft, database exploration, or probing networks. This modularity enables the attackers to customize each breach without needing to redesign the entire malware.

The complexity of Cavern is heightened by its use of three distinct compilation methods for identical code, each requiring different analysis tools. This strategy complicates efforts by defenders to decode the malware’s functionality.

Targets and Techniques

Cavern Manticore appears to focus on Israeli entities, particularly those in government and IT sectors. Targeting IT service providers is strategic, as these companies often have access to other organizations, serving as ideal conduits to more secure targets.

Investigations have traced their infrastructure to a domain registered with an Iranian hosting service, reinforcing suspicions of state-sponsored activity. Links to Iranian groups like MuddyWater and Lyceum further substantiate this theory.

Organizations are advised to scrutinize how RMM tools are utilized, as attackers increasingly exploit trusted administrative channels. Monitoring logs and file activity, particularly concerning uxtheme.dll, can help detect suspicious activities early.

Implications and Recommendations

This incident underscores the potential for trusted software to be weaponized when exploited creatively. Cavern Manticore’s systematic approach, from exploiting supply chains to employing evasion tactics, demonstrates a level of patience and sophistication that organizations must address.

Security teams should focus on behavioral patterns and infrastructure clues rather than fixed indicators, as the malware’s behavior can vary. Strengthening defenses proactively can prevent critical incidents and financial losses, emphasizing the need for a live threat feed integration from security operations centers.

Cyber Security News Tags:Cavern Manticore, cyber attack, Cybersecurity, DLL Sideloading, Iranian hackers, Israeli networks, IT security, Malware, remote management, SysAid

Post navigation

Previous Post: Critical Linux Vulnerability Threatens Intel and AMD Systems
Next Post: Keyfactor Secures $1 Billion Boost for AI and Security

Related Posts

AuraStealer Malware Emerges with Expanding C2 Network AuraStealer Malware Emerges with Expanding C2 Network Cyber Security News
Shai-Hulud 2.0 Malware Attack Compromised 30,000 Repositories and Stolen 500 GitHub Usernames and Tokens Shai-Hulud 2.0 Malware Attack Compromised 30,000 Repositories and Stolen 500 GitHub Usernames and Tokens Cyber Security News
Urgent Patches for Critical NVIDIA Vulnerabilities Released Urgent Patches for Critical NVIDIA Vulnerabilities Released Cyber Security News
New Malware Exploits HuggingFace for Data Theft New Malware Exploits HuggingFace for Data Theft Cyber Security News
BreachLock Expands AEV to Web Applications BreachLock Expands AEV to Web Applications Cyber Security News
WhatsApp’s New Username Feature Enhances Privacy WhatsApp’s New Username Feature Enhances Privacy Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark