Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Iranian Cyber Attackers Deploy Versatile C&C System

Iranian Cyber Attackers Deploy Versatile C&C System

Posted on July 7, 2026 By CWS

An advanced persistent threat (APT) group connected to Iran has been utilizing a sophisticated command-and-control (C&C) system in their recent cyber assaults aimed at Israeli organizations, as reported by Check Point.

Identifying the Threat: Cavern Manticore

The group, identified as Cavern Manticore, targets governmental bodies and IT service providers. Analysts suggest a link to Iran’s Ministry of Intelligence and Security (MOIS) and possible affiliations with OilRig, also known as Lyceum, Hexane, and SiameseKitten.

Cavern Manticore employs a versatile C&C framework designed with .NET technology and various compilation formats, serving as a defensive layer against analysis efforts.

Complexity in Cyber Tactics

Instead of using traditional obfuscation methods like packing or string encryption, the group employs distinct compilation formats that require different tools and workflows for analysis, complicating efforts to reverse-engineer their operations.

The framework’s components function as agents and modules, differentiating core communication tasks from capabilities post-compromise, allowing for customized deployment per target and enhancing access to breached systems.

Intrusion and Movement Techniques

The initial stage of the intrusion involves exploiting SysAid’s software update mechanism to sideload a WinDirStat DLL, triggering the Cavern agent’s execution.

Once C&C communication is established, the agent retrieves additional modules based on instructions from the operators. These modules enable file management, database operations, network reconnaissance, and more, utilizing both managed and native modules.

Modules are loaded into separate AppDomains, which are terminated upon unloading, effectively removing analysis artifacts. The agent also cleans the working directory of all files except essential communication and configuration files.

Human Involvement and Strategic Insights

Check Point indicates that while the Cavern framework may have been developed using AI, the presence of code comments, typographical errors, and inconsistent naming conventions point to significant human involvement.

In attacks on Israeli targets, the APT leveraged remote monitoring tools for lateral movement, utilized browser-based remote desktop technologies for accessing victim environments, and exploited features like remote printing for data theft.

Recent operations imply that the threat actors possess a deep understanding of Israel’s complex IT supply chains, as evidenced by their movement from initially compromised IT providers to secondary targets, eventually reaching the intended organizations.

The ongoing cyber campaigns highlight the evolving threat posed by Iranian state-linked groups, underscoring the need for robust cybersecurity measures to safeguard against such sophisticated attacks.

Security Week News Tags:APT, Cavern Manticore, Check Point, command-and-control, Cybersecurity, data exfiltration, Iranian hackers, Israel, IT security, modular framework, MOIS, OilRig, remote monitoring, SysAid, WinDirStat

Post navigation

Previous Post: AI’s Impact on Software Supply Chain Security
Next Post: Windows 11 26H2 Enhances Backup Policy by Default

Related Posts

Masjesu Botnet Threatens IoT Devices with DDoS Attacks Masjesu Botnet Threatens IoT Devices with DDoS Attacks Security Week News
Google Accelerates Chrome Releases to Bi-Weekly Schedule Google Accelerates Chrome Releases to Bi-Weekly Schedule Security Week News
HeroDevs Raises 5 Million to Secure Deprecated OSS HeroDevs Raises $125 Million to Secure Deprecated OSS Security Week News
CISA Warns of Exploited Flaw in Asus Update Tool CISA Warns of Exploited Flaw in Asus Update Tool Security Week News
CoChat Introduces Platform to Manage Shadow AI Risks CoChat Introduces Platform to Manage Shadow AI Risks Security Week News
SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations SonicWall Prompts Password Resets After Hackers Obtain Firewall Configurations Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • MCP Servers Found with Thousands of Security Flaws
  • Microsoft Device Code Phishing Campaign Targets M365 Accounts
  • CISA Utilizes AI Model Mythos to Enhance Code Security
  • Tarah Wheeler’s Journey: From Social Science to Cybersecurity Leadership
  • GitHub Workflow Vulnerability Exposes Private Repo Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • MCP Servers Found with Thousands of Security Flaws
  • Microsoft Device Code Phishing Campaign Targets M365 Accounts
  • CISA Utilizes AI Model Mythos to Enhance Code Security
  • Tarah Wheeler’s Journey: From Social Science to Cybersecurity Leadership
  • GitHub Workflow Vulnerability Exposes Private Repo Data

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark