Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks

Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks

Keypoints

  • Cavern Manticore is an Iran-linked APT targeting Israeli organizations.
  • The group uses a modular .NET-based C&C framework with built-in anti-analysis techniques.
  • The infection chain begins by abusing SysAid’s software update feature to sideload a WinDirStat DLL.
  • Specialized modules support file operations, brute-forcing, reconnaissance, tunneling, and data theft.
  • The attackers use RMM tools and browser-based remote desktop access to move through supplier chains and reach victims.

Read More: https://www.securityweek.com/iran-linked-hackers-using-modular-cc-framework-in-cyberattacks/