Keypoints
- Cavern Manticore is an Iran-linked APT targeting Israeli organizations.
- The group uses a modular .NET-based C&C framework with built-in anti-analysis techniques.
- The infection chain begins by abusing SysAid’s software update feature to sideload a WinDirStat DLL.
- Specialized modules support file operations, brute-forcing, reconnaissance, tunneling, and data theft.
- The attackers use RMM tools and browser-based remote desktop access to move through supplier chains and reach victims.
Read More: https://www.securityweek.com/iran-linked-hackers-using-modular-cc-framework-in-cyberattacks/