THE Cavern Manticore APT, suspected to be linked to Iran, is engaged in cyber-espionage targeting Israeli government and IT sectors via a modular command and control (C2) framework. This versatile system allows for undetected intrusions by abusing legitimate IT management tools, initiating breaches through compromised IT service providers, and using various .NET formats to evade detection.
The malware operates inconspicuously, employing a fake Windows theming library and a self-updating mechanism to maintain its presence. Key modules can steal credentials, execute arbitrary SQL queries, map network infrastructure, and establish hidden communication channels. Analysts attribute the attack to human coders maintaining the project, with signs of AI usage for routine tasks. Organizations are urged to strengthen controls over remote management tools and adopt behavioral monitoring to counteract such sophisticated threats.