Iran's Cavern Manticore Cyber Threat
Iran's cyber campaign escalates against Israel's IT networks.
Model Diplomat7 min readMiddle East

Cavern Manticore: Iran's Quiet Cyber Escalation Against Israel
Iran-linked group Cavern Manticore is using a modular .NET C2 framework to burrow into Israeli IT and government networks — and Israel's cyber policy is about to change because of it.
On July 6, 2026, Check Point Research publicly attributed a new intrusion set — "Cavern Manticore" — to Iran's Ministry of Intelligence and Security, disclosing a modular command-and-control toolkit that has been quietly siphoning access from Israeli IT providers and ministries since early 2026. The technical detail is unusual; the political timing is not. Cavern is the operational bridge between Iran's battlefield defeat in the 2025-26 war and the persistent, deniable cyber campaign that has now displaced the missile as Tehran's preferred pressure tool — and it is the direct trigger for the binding cybersecurity regulation the Knesset opened for debate this month.

What Check Point actually found
The malware is the story, and the story is that it is built to be uninteresting. Cavern is a post-exploitation framework written entirely in .NET but deliberately compiled into three different binary formats — pure .NET Framework IL, Mixed-Mode C++/CLI, and .NET 8 NativeAOT — so that each module forces a reverse engineer into a different toolchain. There is no packer, no string encryption, no control-flow flattening. According to Check Point, "the compilation format itself becomes the anti-analysis layer." The majority of samples score zero or near-zero on VirusTotal.
Initial access, in observed intrusions, ran through legitimate IT tooling rather than phishing. The recovered execution chain begins with an abused SysAid software update pushing a trojanised WinDirStat package that side-loads the Cavern Agent, which then pulls dedicated modules for LDAP reconnaissance, SQL browsing, network scanning and SOCKS5 tunneling on operator command. That SysAid vector is not new: the Council on Foreign Relations Cyber Operations Tracker has logged the same Israeli IT-management platform as a MuddyWater entry point since the Log4Shell era. Cavern Manticore inherits the tradecraft — and, per Check Point, shares infrastructure conventions (a
cac.aspx webshell endpoint, victim-side C2 proxying) with the OilRig sub-cluster Lyceum and with MuddyWater itself, both long-attributed to MOIS.
The tell is not sophistication; it is discipline. Per-module AppDomain isolation means that even a defender who catches one module recovers a fraction of the operator's capability. This is a framework designed for long dwell time inside IT providers — the vendors, in other words, that hold administrative access to hundreds of Israeli government and enterprise networks.
The numbers behind the campaign
The public disclosure lands against a backdrop of measurable escalation. Israel's National Cyber Directorate chief Yossi Karadi told Germany's Die Welt last week that roughly 4,800 hostile cyber incidents were logged against Israeli systems in June 2026 alone, against about 1,600 in June 2025 — a near-threefold year-on-year rise Karadi attributed directly to Iran. His framing was blunt: "There is no ceasefire in cyberspace."
That number is not an isolated data point. In a July 2 hearing, Karadi told the Knesset Foreign Affairs and Defense Committee that Israel is now the third most-targeted country in the world for cyberattacks, after the United States and the United Kingdom; that Israeli organisations were averaging 2,054 attempted attacks each in 2024, 23% above the global average; and that annual cyber-related economic damage is running near 0.5% of GDP. The
State Comptroller's 2024 annual audit put the wartime cost of dealing with cyberattacks at roughly NIS 12 billion.
The pattern Karadi describes — government and IT-services firms as primary targets, small- and mid-cap suppliers as the pivot — is exactly the ecology Cavern Manticore is engineered to exploit. Israeli IT providers hold delegated admin access into the very ministries and critical operators the Directorate is trying to protect. Compromise one MSP; you inherit the client list.
The political trigger nobody wants to name
Analysts have been slow to say it plainly, so it is worth saying: the volume Karadi is reporting is retaliation for a war Iran lost. The Middle East Institute has documented how, during and after the June 2025 12-Day War, Tehran shifted cyber from adjunct to instrument — a way to project reach while its missile stockpiles were depleted and its command chain was decapitated. The
Atlantic Council reached a converging judgment: cyber gave Iran no decisive military edge, but it did give the regime a way to signal survival.
That utility became strategic after the February 28, 2026 joint U.S.-Israeli strikes — "Operation Roaring Lion" on the Israeli side, tracked as "Epic Fury" in Washington — which, per the BBC, killed Supreme Leader Ali Khamenei and much of the senior security chain. What Iran has left is asymmetric: proxies, drones and code. The
Council on Foreign Relations has been cataloguing the MOIS-linked "Manticore" family — Void Manticore, Educated Manticore, Nimbus Manticore — as the state-run apex of that ecosystem, layered over an expanding hacktivist façade. Cavern is the newest branded actor in that lineage, and the first to surface as a purpose-built, post-war platform.
There is also a U.S. read-across. The Cybersecurity and Infrastructure Security Agency's April 7, 2026 advisory AA26-097A — cited in
congressional testimony from the Foundation for Defense of Democracies — warned that Iranian-affiliated actors were exploiting programmable logic controllers "across US critical infrastructure," causing operational disruption and financial loss. The same MOIS operational tempo is running against both allies. Cavern's tradecraft (RMM abuse, legitimate-update poisoning, modular tunneling) is the espionage-side complement to those disruption-side operations against PLCs and water systems.
Why this reshapes Israeli cyber policy
The load-bearing consequence sits inside the Knesset, not inside a SOC. On July 2, 2026, MK Bismuth's Foreign Affairs and Defense Committee opened deliberations on Israel's National Cyber Defense Bill, 2026 — the first attempt to give the National Cyber Directorate binding regulatory authority over private-sector critical operators, digital-service providers and hosting firms. The Knesset's official readout makes the linkage explicit: Karadi presented the 2026 attack figures directly to committee members while arguing that "time is a critical factor" for passage.
The mechanics matter. Under the draft, the Directorate would be formally empowered to compel critical organisations to maintain a baseline of controls and to report significant incidents; in an urgent scenario the Directorate head, with the Prime Minister's approval, could order immediate defensive measures inside a private network, subject to a 48-hour appeal. Non-compliance carries administrative and criminal penalties. This is a step change from Israel's existing "voluntary instruction" model, which the State Comptroller has repeatedly flagged as inadequate for the depth of the threat — notably at the National Insurance Institute, which the Directorate has been unable to designate as critical infrastructure despite holding population-scale personal data.
Cavern Manticore is the case in chief for the bill. The Directorate's own supply-chain guidance has for years warned that Israeli organisations are compromisable through their vendors and RMM providers; Cavern operationalises exactly that risk. Passage of the 2026 bill would let the Directorate mandate segmentation, logging and reporting standards from IT suppliers whose current cyber posture is entirely a commercial decision. Expect the Directorate to cite Check Point's July 6 write-up by name in committee.
The regional read-across
For governments outside Israel the analytic point is the doctrine, not the malware. Karadi's statement that kinetic and cyber operations now run on "parallel, largely independent tracks" is the doctrine RUSI and
CSIS have watched crystallise across the 2025-26 conflict: even during ceasefires, MOIS- and IRGC-affiliated groups sustain intrusion tempo against IT-facing systems as a way to pre-position for the next escalation. In
Radware's assessment cited by CSIS, attacks on Israel spiked 700% after Israel's 2025 strikes. Cavern's early-2026 emergence, and the June 2026 volume Karadi disclosed, show that spike did not decay.
The corollary risk is a supply-chain contagion the Atlantic Council has flagged: Israeli MSPs and cybersecurity firms serve clients across Europe, the Gulf and North America. A framework designed to persist inside those vendors is by definition a framework designed to reach their customers. For Gulf states now aligned with, or hosting infrastructure supporting, the U.S.-Israeli axis, the exposure is not theoretical. Karadi's Directorate can regulate Israel; nobody yet regulates the third-party spread.
Diplomat View
Cavern Manticore's real significance is not its .NET tradecraft — it is that Iran, having lost the kinetic war, has industrialised the cyber peace. Expect three things in the next six months: (1) the Knesset National Cyber Defense Bill passes in a strengthened form, with mandatory MSP reporting and Directorate authority to enter private networks the load-bearing provisions; (2) a public Israeli or U.S. indictment naming MOIS officers behind the Manticore cluster, following the 2023 CyberAv3ngers precedent; and (3) at least one Cavern-adjacent compromise surfacing in a third country — most likely a Gulf state or a European IT supplier with Israeli parentage — that forces a joint CISA-INCD advisory. The forecast would need revision if Tehran folds the MOIS cyber directorate into an IRGC-controlled entity in the current post-Khamenei succession fight, in which case the operational signature will shift toward IRGC-linked APT33/APT35 tradecraft and Cavern activity will decay within a quarter. Absent that structural change, the tempo Karadi reported for June is the new floor, not the ceiling.
What to watch
- Knesset second-reading vote on the National Cyber Defense Bill, 2026 — the committee's next closed sessions determine whether the compulsory-reporting and 48-hour intervention clauses survive private-sector lobbying.
- A follow-on Check Point or Microsoft attribution report naming specific Israeli IT providers compromised via SysAid or RMM abuse — the disclosure would sharpen the political case for regulation and likely trigger US-side advisories.
- Any Iranian regime restructuring of the MOIS cyber portfolio in the wake of the February 2026 leadership decapitation — Cavern's persistence or disappearance will be the first tell.
The Bottom Line
Cavern Manticore matters because it is the tooling Iran built for the war it can still fight. Tehran cannot match Israeli air power, but it can burrow into Israeli IT vendors and stay there — and the June 2026 numbers say it already has. The response will not be a counter-strike; it will be a statute, and the Knesset is writing it now.
Discover more

US Politics
SNAP Food Assistance Faces Legal Challenges
In 2026, SNAP faces stricter eligibility rules and mounting legal challenges, threatening food assistance for the millions of Americans who rely on the program.

Global Politics
Xi Jinping Calls China-Russia Ties 'Precious'
Xi Jinping's description of China-Russia ties as 'precious' reflects a strategic imbalance, with Beijing dictating terms in the partnership.

US Politics
House Ethics Committee Pushes Sexual Miscond.
The House Ethics Committee has shifted responsibility for sexual harassment settlement records to the Office of Congressional Workplace Rights, complicating disclosure efforts.

Global
Why Figuera, not Machado
Why the US backs Figuera over Machado in Venezuela's transition, how oil revenue shapes incentives, and what the August 1 working group means for elections.