🟠 High | Source: The Hacker News
An Iranian state-linked hacking group, associated with Iran’s Ministry of Intelligence and Security, has deployed a newly discovered modular command-and-control framework called Cavern against Israeli IT providers and government organisations. The framework is previously undocumented, suggesting active development of new offensive tooling by this threat actor. The targeting of IT providers raises particular concern due to the potential for downstream supply chain compromise.
Security Architect’s Take: Review egress traffic and C2 detection rules within your SIEM for anomalous outbound connections, particularly from systems managed by third-party IT providers. If your organisation operates in sectors targeted by MOIS-affiliated groups — including government supply chains — consider increasing threat hunting cadence and validating that endpoint detection tooling has up-to-date signatures for novel C2 frameworks.
Original advisory: Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations