New 'Cavern' Framework Deployed in Iranian Cyber Campaign Against Israeli Government and IT Targets
By
Mr Bagel
An Iranian hacking group linked to the country's Ministry of Intelligence and Security (MOIS) has been using a previously unknown modular command-and-control framework called Cavern (also referred to as Cav3rn) to target Israeli organizations, according to reports from BackBox.org and The Hacker News. The activity, attributed by Check Point Research, has primarily focused on IT providers and government sectors.
"The malware is disguised as legitimate updates from IT providers, allowing it to infiltrate remote access programs and evade traditional detection systems."
This disguise makes the Cavern framework particularly insidious, as IT providers may trust update notifications, potentially granting attackers a foothold into broader networks.
The framework has been described as a "previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn)" by The Hacker News. Its modular nature allows the hackers to adapt their attacks and stay ahead of conventional defenses.
Check Point Research has tracked the threat cluster behind these operations, noting that the campaigns specifically single out Israeli organizations in the IT and government sectors, as reported by The Jerusalem Post. The use of a custom C2 framework indicates a persistent and sophisticated effort by the Iranian group to compromise high-value targets.
The reporting
3 outlets covered this story. Each links to the original.
Baker's Take
Comments
Sign in to join the conversation.
No comments yet. Be the first.