Iranian hackers use new modular C2 framework against Israeli organizations | brief | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


As reported by The Hacker News, an Iranian hacking group, linked to the country’s Ministry of Intelligence and Security, has been observed deploying a novel modular command-and-control (C2) framework named Cavern against Israeli organizations. This framework, also known as Cav3rn, has been used in attacks primarily targeting IT providers and government sectors.The threat cluster, dubbed Cavern Manticore by Check Point Research, exhibits tactical similarities with known groups like MuddyWater and Lyceum. The Cavern framework is built on a .NET foundation and utilizes multiple compilation formats, including .NET Framework, .NET Mixed-Mode C++/CLI, and .NET Native AOT, serving as an anti-analysis layer. The framework consists of a Cavern Agent and various Cavern modules, allowing for tailored deployments for reconnaissance, data theft, tunneling, and lateral movement. The attack chain often begins by exploiting SysAid’s software update feature to execute a trojanized DLL containing the Cavern Agent. This agent then contacts a C2 server to download additional post-exploitation modules. These modules include capabilities for file operations, database manipulation, Active Directory reconnaissance, network scanning, and tunneling.The attackers have been observed moving from an initial IT provider to a second-hop provider, leveraging trusted relationships within the software supply chain. They also appear to use browser-based remote desktop technologies and features like remote printing for data exfiltration.Source: The Hacker News



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW