Return to Threats

Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

thehackernews.com 2026-07-07 AI supply chain High

What Happened

An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka Cav3rn) targeting Israeli organizations. The activity, which has primarily singled out IT providers and government sectors, has been attributed to a threat cluster tracked by Check Point Research

Why It Matters

According to Check Point Research and The Hacker News, an Iran-linked APT cluster dubbed Cavern Manticore is using a new modular Cavern/Cav3rn .NET-based C2 framework against Israeli government and IT providers, including via abuse of RMM tools and software update mechanisms.[1][2][4][7] The framework employs multiple compilation formats, DLL sideloading, NativeAOT modules, and anti-analysis features to enable reconnaissance, data theft, tunneling, and lateral movement.[1][2][5] From a RealGround perspective, this highlights significant software supply chain exposure, where compromised or abused IT management and update channels can be leveraged to deploy advanced post-exploitation tooling into sensitive environments.[1][4] Organizations integrating third-party remote management, monitoring, and update services into AI infrastructure should enforce SBOM-based vetting, strict access controls, and continuous compromise monitoring on these dependencies, as compromise of such tools could provide adversaries a stealthy path into AI systems and associated training or operational data.

Healthcare Fintech SaaS SMB AI startups

RealGround Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/07/iran-linked-hackers-use-new-cavern-c2.html

Talk to AI CISO