← Back to news

New Iran-Nexus Hacking Group Targets Israel Government and IT Sectors

Infosecurity Magazine06/07/2026, 16:00
Read full article →

Summary

AI-Generated

Key Points:

  • A new Iranian-linked hacking group, Cavern Manticore, has been targeting Israeli government and IT sectors since early 2026, utilizing advanced modular command-and-control (C2) infrastructure.
  • The group exploits remote monitoring and management (RMM) software for initial access and lateral movement, deploying malicious software disguised as legitimate updates. Their operations have shown low detection rates on security platforms like VirusTotal.
  • Recommended actions include enhancing monitoring of RMM tools, implementing strict access controls, and employing advanced threat detection solutions to identify anomalous C2 traffic.

Technical Details: Cavern Manticore employs a modular C2 framework consisting of a persistent backdoor (Cavern agent) and specialized post-exploitation tools (Cavern modules), utilizing .NET technologies to evade detection. The group has been linked to previous Iranian threat actors through shared techniques and infrastructure.

MITRE ATT&CK Techniques:

  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1210 - Exploit Public-Facing Application (Initial Access)
  • T1021.001 - Remote Services: Remote Desktop Protocol (Lateral Movement)
  • T1059.001 - Command and Scripting Interpreter: PowerShell (Execution)

IOCs Mentioned:

  • hospitalinstallation[.]com (domain used in C2 infrastructure)

Join the discussion — sign up to comment, upvote, and save articles.

Discussion

or to comment
Loading...

Loading comments...

Join 5,000+ security professionals

Get access to curated threat intel, upvote articles, join discussions, and build your karma in the SOC community.