Iranian Hackers Deploy New Cavern C2 Framework Against Israeli Targets
Iran-linked threat actors are using a new modular C2 framework called Cavern to target Israeli IT providers and government entities. The attacks highlight evolving tactics from state-sponsored groups.
TL;DR
- Iranian hackers linked to MOIS use new Cavern C2 framework
- Targets include Israeli IT firms and government sectors
- Cav3rn is a previously undocumented modular command-and-control tool
- Activity tracked by Check Point Research
- Represents escalation in nation-state cyber operations
A newly identified Iranian hacking group with ties to the country's Ministry of Intelligence and Security (MOIS) has been actively targeting Israeli organizations using a previously unknown command-and-control (C2) framework. Dubbed "Cavern" or "Cav3rn," this modular toolkit represents a significant evolution in the tactics employed by state-sponsored threat actors.
The campaign has primarily focused on IT service providers and government institutions within Israel. Security researchers from Check Point Research have been tracking this activity, noting the framework's sophisticated design and potential for persistent access to targeted networks.
Technical Characteristics of Cavern C2
- Cavern is a modular command-and-control framework designed for stealth and persistence
- The tool allows attackers to maintain long-term access to compromised systems
- It features capabilities for data exfiltration and lateral movement within networks
- Security researchers classify it as previously undocumented in cybersecurity databases
Target Profile and Attribution
- Primary targets include Israeli IT providers and government sector organizations
- Attackers are linked to Iran's Ministry of Intelligence and Security (MOIS)
- Check Point Research has been monitoring the ongoing campaign activities
- The operation demonstrates increasing sophistication in Iranian cyber capabilities
- Victims may face risks of data theft, system compromise, and network infiltration
Sources
Sources
Security email updates
One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.