New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors

New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors

New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors

https://www.infosecurity-magazine.com/news/new-iran-hacking-group-targets/

Publish Date: 2026-07-06 12:00:00

Source Domain: www.infosecurity-magazine.com

A new cyber threat group linked to the Iranian government has been targeting Israeli government and IT organizations since early 2026, according to Check Point Research.

The group, tracked by the Tel Aviv-headquartered cybersecurity firm as ‘Cavern Manticore,’ shares technical overlaps with MuddyWater and Lyceum, two threat groups with attributed links to Iran’s Ministry of Intelligence and Security (MOIS).

Check Point researchers also observed the group deploying a previously undocumented modular command-and-control (C2) infrastructure.

“The adversary’s ability to gain access to organizations in the defense and government sectors during the US military campaign ‘Operation Epic Fury’ demonstrates both a high operational tempo and a disciplined approach to target selection,” the researchers wrote in a threat intelligence report published on July 6.

Cavern Manticore’s Modular C2 Infrastructure

According to Check Point, Cavern Manticore typically gains access to its targets’ IT environments by abusing existing remote monitoring and management (RMM) software.

By exploiting these tools, the actor can move laterally between victims and deliver malicious software disguised as legitimate updates.

Another common initial access vector involves abusing browser-based remote desktop tools, such as remote printing, to exfiltrate data when clipboard-based copy-paste or file-transfer capabilities are restricted.

Once it has established initial access, the threat actor enables a SysAid’s software update which leads to installing malicious assets on the targeted environment.

To operate malicious campaigns, Cavern Manticore uses its own modular C2 framework, described by the researchers as “a mature and adaptable toolset built around a shared .NET foundation.”

The framework is made of two main components tracked by Check Point as Cavern agent and Cavern modules:

  • Cavern agent is the persistent backdoor that handles core communication with…

Source