www.securityweek.com 7/7/2026, 12:56:39 PM · external

Cavern Manticore Uses SysAid Exploit to Target Israeli Firms

Cavern Manticore Uses SysAid Exploit to Target Israeli Firms
CyberSIXT Evidence Panel
Threat Actor
Cavern Manticore

AN Iran-linked APT actor, tracked as Cavern Manticore, has been utilizing a modular command-and-control (C&C) framework in recent cyberattacks on Israeli organizations. This group appears to have connections to Iran's Ministry of Intelligence and Security and the OilRig subgroup. The Cavern Manticore framework employs a .NET-based toolset designed for anti-analysis, with components for various cyber operations like file management and network reconnaissance.

The attack chain begins with exploiting SysAid software to deploy the Cavern agent, which subsequently fetches additional modules for specific functionalities. The APT demonstrates a sophisticated understanding of Israel's IT supply chains, often moving laterally between compromised entities to reach its final targets.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline