securityonline.info 7/13/2026, 9:53:13 AM · external

Cavern Manticore APT Deploys Modular C2 Framework

Cavern Manticore APT Deploys Modular C2 Framework
Developing story campaign 3 articles tracked
Cavern Manticore APT conducts cyber-espionage campaign against Israeli entities
CyberSIXT Evidence Panel
Threat Actor
Cavern Manticore APT

THE Cavern Manticore APT, suspected to be linked to Iran, is engaged in cyber-espionage targeting Israeli government and IT sectors via a modular command and control (C2) framework. This versatile system allows for undetected intrusions by abusing legitimate IT management tools, initiating breaches through compromised IT service providers, and using various .NET formats to evade detection.

The malware operates inconspicuously, employing a fake Windows theming library and a self-updating mechanism to maintain its presence. Key modules can steal credentials, execute arbitrary SQL queries, map network infrastructure, and establish hidden communication channels. Analysts attribute the attack to human coders maintaining the project, with signs of AI usage for routine tasks. Organizations are urged to strengthen controls over remote management tools and adopt behavioral monitoring to counteract such sophisticated threats.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline