THREATOPS
THREAT OPSThreat News › Cavern Manticore: Exposing Iran-Linked Modular C2 Framework

Cavern Manticore: Exposing Iran-Linked Modular C2 Framework

medcheckpoint_researchPublished 2026-07-06

<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow"> <p><strong>Note:</strong><em> </em>SysAid was not compromised, and no SysAid vulnerability was involved. The attacker had already gained access to the victim environment and abused a legitimate software-deployment feature to deploy malware onto another machine within it.</p>

<hr class="wp-block-separator has-alpha-

Attributed threat actors

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://research.checkpoint.com/2026/cavern-manticore-exposing-iran-linked-modular-c2-framework/