Cavern Manticore: Iranian State-Sponsored Hackers Unveil Sophisticated Modular C2 Framework Against Israeli Targets
An Iranian state-sponsored hacking group, **Cavern Manticore**, has been observed deploying a new, sophisticated modular command-and-control (C2) framework dubbed **Cavern** (also known as **Cav3rn**). This advanced threat targets Israeli organizations, particularly within IT providers and government sectors, showcasing a mature and adaptable toolset designed to evade detection and maintain persistent access.
An Iranian hacking group, believed to be affiliated with Iran's Ministry of Intelligence and Security (**MOIS**), is actively deploying a previously undocumented modular command-and-control (C2) framework named **Cavern** (aka **Cav3rn**). This sophisticated framework is primarily targeting Israeli organizations, with a focus on IT providers and government sectors.
The activity has been attributed to a threat cluster tracked by **Check Point Research** under the moniker **Cavern Manticore**. This group reportedly shares tactical overlaps with known Iranian state-sponsored actors like **MuddyWater** and **Lyceum**, the latter being a subgroup within **OilRig**.
### The Cavern Framework: A Deep Dive
**Check Point Research** highlights the framework's maturity and adaptability, noting its foundation in .NET and its use of multiple compilation formats, including .NET Framework, .NET Mixed-Mode C++/CLI, and .NET **Native AOT**. This multi-format approach serves as an anti-analysis layer, complicating reverse engineering efforts by requiring diverse toolsets and metadata reconstruction workflows.
The **Cavern** framework is structured with a clear division of responsibilities: **Cavern Agent** for core communication and **Cavern modules** for mission-specific post-exploitation functionalities. This modular design allows operators to customize deployments based on the victim's profile, reduce forensic visibility, and ensure persistent access through specialized modules for reconnaissance, data theft, tunneling, and lateral movement.
### Attack Chain and Modularity
The attack chain documented by **Check Point Research** typically begins with the exploitation of **SysAid's** software update feature. This vulnerability is leveraged to initiate a DLL side-loading chain, leading to the execution of a trojanized DLL, `uxtheme.dll`, which contains the **Cavern Agent**.
Once active, the agent loads a standalone communication DLL module, `n-HTCommp.dll`, to establish contact with the C2 server (`hospitalinstallation[.]com`). It then fetches additional post-exploitation modules on the fly over HTTPS or WebSocket.
As many as five distinct DLL modules have been identified:
* **mhm.dll**: For file operations, enumeration, recursive file search, archive handling, and bidirectional file transfer.
* **db.dll**: For SQL database enumeration, querying, export, and manipulation.
* **ode.dll**: For **Active Directory** reconnaissance, user/group enumeration, and LDAP brute-force attempts.
* **n-ten.dll**: For network reconnaissance, port scanning, share enumeration, and SMB brute-force attempts.
* **n-sws.dll**: For SOCKS5 proxy and WebSocket tunneling.
### Anti-Analysis Techniques
A defining characteristic of **Cavern** is its use of three different .NET compilation targets across its components. While `mhm.dll`, `db.dll`, and `ode.dll` are pure .NET Framework modules, `n-HTCommp.dll`, `n-ten.dll`, and `n-sws.dll` utilize **Native AOT** compilation. The main agent, `uxtheme.dll`, uniquely combines managed .NET code with native C++ in a single portable executable.
The agent incorporates a unified module dispatcher. Components with names starting with `n-` are treated as native DLLs and loaded via the **LoadLibraryA** Windows API. Other components are interpreted as managed .NET assemblies and loaded through **AppDomain isolation**.

**Check Point** emphasizes that the framework's anti-analysis posture relies on these uncommon .NET compilation formats and per-module **AppDomain isolation** as an anti-forensics measure.
### Supply Chain Exploitation and Broader Context
**Cavern Manticore's** attacks have demonstrated the ability to weaponize trusted relationships within the software supply chain. The threat actor often moves from an initial compromised IT provider to a second-hop provider before reaching the ultimate target organization.
This highlights the critical operational value of trusted service-provider relationships, especially where Remote Monitoring and Management (**RMM**) solutions are deployed. By abusing these tools, the actor can move laterally between victims and deliver malicious software disguised as legitimate updates. They also reportedly leverage browser-based remote desktop technologies and abuse built-in features like remote printing to exfiltrate data when other methods are restricted.
This development occurs amidst ongoing geopolitical tensions and joint military operations involving Israel and the U.S. against Iran. In related activity, the Iranian state-sponsored threat actor **MuddyWater** has been observed conducting extensive reconnaissance across over 12,000 internet-exposed systems. This campaign exploits known security flaws in **SmarterMail**, **n8n**, **N-central**, **Langflow**, and **Laravel Livewire** systems.
The exploited vulnerabilities include:
* **CVE-2025-52691**: SmarterMail remote code execution vulnerability
* **CVE-2025-68613**: n8n remote code execution vulnerability
* **CVE-2025-9316**: N-Central unauthenticated session ID generation vulnerability
* **CVE-2025-34291**: Langflow remote code execution vulnerability
* **CVE-2025-54068**: Laravel Livewire remote code execution vulnerability
According to **Oasis Security**, this broader operation has pivoted from reconnaissance to targeted credential harvesting and data exfiltration against aviation, energy, and government sectors in the Middle East, specifically in Egypt, Israel, and the United Arab Emirates. The attacks leverage vulnerability exploitation, **Outlook Web Access** (**OWA**) brute-force attacks, and newly identified C2 controllers supporting multi-protocol communication, leading to confirmed exfiltration of sensitive data.