Cavern (Cav3rn) modular C2 framework links Iran to intrusions of Israeli orgs
Source headline: Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations
Intelligence Summary
Check Point attributes targeting activity to an Iran-linked threat cluster affiliated with MOIS. The group uses a modular command-and-control framework called Cavern (Cav3rn), previously undocumented in public reporting. Victims include IT providers and government-related organizations, with Israeli entities highlighted. This increases the risk of sustained access, custom payload delivery, and difficult-to-detect infrastructure. Organizations should review for Cavern-related indicators, tighten network egress controls, and ensure incident response coverage for C2 behavior.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.