A new hacking group associated with the Iranian government, named Cavern Manticore, has been targeting Israeli government and IT sectors since early 2026. According to Check Point Research, this group shares technical attributes with other Iranian-linked threat actors such as MuddyWater and Lyceum.
Cavern Manticore employs a modular command-and-control (C2) infrastructure that allows it to exploit remote monitoring and management (RMM) software and browser-based remote desktop tools to access and control targeted environments. Their operational techniques include using a persistent backdoor called Cavern agent and sophisticated post-exploitation tools, which help them evade detection. The group’s capability to adapt its methods for different campaigns underscores its operational agility.