Iran-Linked Cavern Malware Targets Israeli IT and Government Sectors
Check Point Research reported that Cavern Manticore, an Iran-nexus actor linked to Tehran's Ministry of Intelligence and Security, has used a modular .NET command-and-control framework against Israeli organizations, especially IT providers and government-sector targets. The report says the operators abused trusted RMM and supplier relationships, including a SysAid software-update path that loaded a trojanized uxtheme.dll agent, to move from an IT provider toward higher-value victims. The Cavern modules support file and database browsing, Active Directory reconnaissance, network scanning, brute-force attempts and tunneling. Iran's campaign against Israel continues in cyberspace even between missile rounds, so the finding reinforces the need for hardened supplier access, monitored remote-management tools and disciplined Israeli cyber defense.