An Iranian hacking group aligned with Iran's Ministry of Intelligence and Security (MOIS) has deployed a previously undocumented modular command-and-control (C2) framework, dubbed Cavern (aka Cav3rn), in attacks against Israeli organizations. The campaign, tracked by Check Point Research, primarily targets IT providers and government sectors.
The sophistication of the Cavern framework suggests a highly resourced adversary, likely backed by state intelligence. While specific CVSS scores or exploitation metrics were not disclosed, the operational focus on government and critical infrastructure supply chains elevates its threat severity.
Technical details of Cavern's attack vector and exploit mechanisms remain limited at this time beyond its description as a modular C2 system. Indicators of compromise specific to this campaign have not been publicly shared by Check Point Research.
Mitigation guidance is currently unavailable as the campaign is newly identified. Organizations in the region, particularly those in IT and government, are advised to monitor for anomalies and review network traffic for connections to untrusted external hosts.
The attribution to a MOIS-linked cluster underscores Iran's continued cyber focus on Israeli entities. No specific defense against Cavern has been released, leaving affected sectors reliant on general cybersecurity best practices until further analysis emerges.