Iran's Cavern Manticore Targets Israel's IT
New Iran-linked hackers reshape Israel's cybersecurity landscape.
Model Diplomat7 min readMiddle East

Cavern Manticore: Iran's MOIS Hackers Reload on Israel's IT Supply Chain
Check Point exposed a new Iran-linked hacking group, Cavern Manticore, targeting Israeli government and IT firms — a state-attributed cyber operation reshaping Israel's cybersecurity policy.
Iran's Ministry of Intelligence has quietly rebuilt its cyber-espionage arm around a bespoke command-and-control framework Israeli defenders had not seen before this year — and it is being used, right now, against the IT vendors that sit inside Israeli government networks. On July 6, 2026, Check Point Research disclosed Cavern Manticore, an Iran-nexus advanced persistent threat operating against Israeli government and IT-provider targets since early 2026 with a modular .NET tool set the researchers call "Cavern." The disclosure matters less as a malware story than as a strategic one: it confirms that the June 2025 twelve-day war and the February 28, 2026 US–Israeli air campaign against Iran did not degrade Tehran's covert cyber apparatus — they professionalised it, and pointed it at the soft underbelly of Israel's public sector: the third-party IT firms that touch ministries and utilities. That is the reason Israel's National Cyber Directorate is now asking the Knesset for statutory powers it was denied in 2018.
What Check Point actually found
The Cavern framework is engineered for one thing: survival inside a defender's network. According to Check Point Research, operators achieve initial access by abusing remote monitoring and management (RMM) tools already present in victim environments, then hijack SysAid's software-update mechanism to deploy a WinDirStat DLL-sideloading package. The legitimate binary loads a trojanised
uxtheme.dll — the Cavern Agent — which pulls down mission-specific modules for file operations, database enumeration, LDAP queries, network reconnaissance, and SOCKS5 tunnelling on operator command.
The distinctive engineering choice is not obfuscation but compilation. Check Point documents that the framework deliberately mixes three .NET output formats — pure IL, Mixed-Mode C++/CLI, and .NET 8 NativeAOT — so that every reverse-engineer has to switch toolchains between components. Combined with per-module AppDomain isolation, that decision drives detection rates on VirusTotal to near-zero across the sample set, as The Hacker News reported in its walk-through of the disclosure.
Attribution is the point that carries policy weight. Check Point ties Cavern Manticore to Iran's Ministry of Intelligence and Security (MOIS) via technical overlaps with MuddyWater and the OilRig subgroup Lyceum — a webshell-style cac.aspx C2 endpoint and reuse of victim infrastructure to proxy traffic, both hallmarks documented in prior MOIS operations. The Council on Foreign Relations' Cyber Operations Tracker previously catalogued MuddyWater's 2021–22 abuse of SysAid via Log4Shell against the same class of Israeli targets. The tooling has evolved; the target set and the tradecraft have not.
The surge the numbers describe
Cavern Manticore does not sit in a vacuum. It nests inside a documented, and escalating, state-directed campaign. On June 30, 2026, National Cyber Directorate head Yossi Karadi told Germany's Die Welt that Israel logged roughly 4,800 hostile cyber incidents in June 2026, against 1,600 in June 2025 — a near-threefold year-on-year rise he attributed directly to Iran. Karadi's quote — "there is no ceasefire in cyberspace" — has since been picked up in regional coverage, including a threat-campaign analysis synthesising the directorate's disclosure and a July 5
breakdown by GeoBit AI.
The Center for Strategic and International Studies had framed this pattern earlier in 2026. In its analysis of Iran's coordinated cyber threat landscape, CSIS argued that Tehran runs a two-track ecosystem: hacktivist personas such as Handala for noise and deniability, and MOIS/IRGC APTs — APT33, APT34/OilRig, MuddyWater — for precision espionage and sabotage. Cavern Manticore is the second track, and its emergence during a live shooting war is the analytically important fact. It refutes the early-2026 assessment, offered by outlets including the
BBC, that Iran's state cyber capability had been either "incapacitated" by Israeli strikes on IRGC cyber facilities or simply "overestimated."
Why IT providers, and why now
The target set is the strategic tell. Check Point emphasises Cavern Manticore's focus on IT service providers and government sectors — not utilities, not banks, not headline critical infrastructure. That choice reflects two calculations.
First, IT providers are the shortest path into Israeli ministries. A single managed-services vendor with RMM software deployed across government clients gives an attacker persistent, credentialled access to dozens of end-networks without touching a hardened perimeter. This is why Cavern's initial access abuses existing RMM tools and SysAid update workflows rather than a novel zero-day. It is a supply-chain compromise disguised as legitimate IT maintenance.
Second, the operational tempo suggests espionage rather than destruction. Karadi told Die Welt that Israeli defences have so far repelled attacks on core critical infrastructure. Cavern's post-exploitation modules — DPAPI decryption, database enumeration, LDAP queries, tunnelling — are optimised for exfiltration and lateral movement, not wiping. Compare that to the destructive Handala/MOIS operation against US firm Stryker in March 2026, catalogued by Al Jazeera, which sought maximum symbolic damage.
The division of labour is deliberate. As CSIS argued in its demystification of Iranian cyber operations, Iran uses hacktivist proxies for reach and deniability and MOIS APTs "when it needs sophisticated access and narrow targeting." Cavern Manticore is Tehran quietly harvesting the Israeli state's IT nervous system while Handala and its analogues generate the noise.
The policy consequence: Israel's cyber law comes off the shelf
The Cavern disclosure lands into a legal vacuum Israel has been trying to close for eight years. The National Cyber Directorate operates today largely on the strength of a 2011 government resolution and prime-ministerial authority — not statute. As the Council on Foreign Relations documented in its analysis of the draft Israeli cybersecurity law, the bill would give the NCD express legal authority to issue binding cross-sector guidance, seize equipment for forensic analysis (with judicial authorisation), and mandate real-time information-sharing from private operators — powers that have stalled for years over civil-liberties objections.
Karadi, who told The Jerusalem Post in December 2025 that "Iran has attacked every Israeli citizen multiple times" — a line preserved in the Institute for Defence Studies and Analyses commentary — is now using the June 2026 surge to reargue the case. The Cavern discovery gives him exactly the artefact he needs: a modular, MOIS-linked framework inside government-adjacent IT firms that current voluntary reporting norms would not have surfaced. Expect the NCD to cite Cavern Manticore in Knesset testimony this autumn as load-bearing evidence for compulsory incident disclosure and vendor-security mandates.
The fiscal backdrop hardens the case. Israel's defence spending will run 4.5–6.5% of GDP in 2026, down from over 7% during the peak war years but still consuming budget headroom that would otherwise fund cyber-defence modernisation. Israel's private cyber-security sector — which drew $815 million of investment in the last pre-war year — is the country's asymmetric advantage, but only if the government can compel disclosure and coordinate defence across ministries. Cavern is the accelerant.
What Washington is watching
For the United States, Cavern Manticore is a leading indicator. The Cybersecurity and Infrastructure Security Agency issued a joint advisory with the FBI, EPA, and NSA in April 2026 warning that Iranian-affiliated actors were exploiting programmable logic controllers across US critical infrastructure — a campaign CSIS reads as Tehran "weaponising existing access" it had pre-positioned as far back as January 2025. If MOIS is confident enough to run a bespoke modular framework against Israel's IT vendors during active hostilities, the same operators are almost certainly running quieter espionage against US managed-service providers with Israeli or defence-industrial exposure. The
Congressional Research Service catalogue of state-attributed cyberattacks 2012–2025 already lists Iran alongside China, Russia, and North Korea as the four leading nation-state threat actors — Cavern is the 2026 data point that keeps that framing current. It also lands as the European Council in March 2026
sanctioned the Iranian company Emennet Pasargad over cyberattacks on EU targets — the first hard signal that Tehran's operations against Western infrastructure are now on Brussels' sanctions perimeter, not just Washington's.
Forward look
- Knesset autumn session (October 2026): Watch for the NCD to submit a revised cybersecurity bill citing Cavern Manticore. Passage would give the directorate compulsory-disclosure and vendor-audit authority for the first time.
- Check Point IoC rollout (July–August 2026): Once indicators of compromise propagate through Israeli MSSPs and Western threat-intel feeds, expect confirmed Cavern intrusions to surface at Gulf and European government IT vendors with Israeli linkage.
- CISA advisory (Q3 2026): A joint FBI/CISA/NSA advisory on MOIS supply-chain tradecraft — mirroring the April 2026 PLC advisory — is the concrete signal that Washington reads Cavern as a US problem, not just an Israeli one.
Diplomat View
The consensus reading after the February 2026 air campaign was that Israel had physically degraded Iran's offensive cyber capacity — the alleged March 4 IDF strike on the IRGC's cyber-warfare headquarters, flagged by RUSI, was cited as evidence. Cavern Manticore falsifies that reading. MOIS, which sits under the civilian presidency rather than the IRGC, has kept its APT bench intact and is producing new, purpose-built tooling twelve months after the twelve-day war. The forecast: Iran's cyber posture against Israel will not revert to pre-2025 baselines regardless of any diplomatic settlement, because the espionage layer has decoupled from the kinetic conflict cycle. What would change this call: a confirmed, high-confidence disruption of the MOIS units running Lyceum/MuddyWater (not just a symbolic strike), or a US–Iran channel that trades cyber restraint for sanctions relief. Neither is on the July 2026 horizon. Regional cyber policy — in
Israel, the Gulf, and Washington — will spend the second half of 2026 catching up to a threat the intelligence services already treat as permanent.
The Bottom Line
Cavern Manticore is not a new malware story — it is proof that Iran's Ministry of Intelligence has weathered the war, rebuilt its APT toolchain, and pivoted from noisy retaliation to patient supply-chain espionage inside Israel's IT vendors. The immediate winner is Yossi Karadi, whose stalled cybersecurity bill just acquired its most persuasive exhibit. The immediate loser is the assumption — held in both Jerusalem and Washington — that kinetic strikes can meaningfully degrade a state's covert cyber apparatus.
Discover more

US Politics
SNAP Food Assistance Faces Legal Challenges
In 2026, SNAP faces stricter eligibility rules and mounting legal challenges, threatening food assistance for the millions of Americans who rely on the program.

Global Politics
Xi Jinping Calls China-Russia Ties 'Precious'
Xi Jinping's description of China-Russia ties as 'precious' reflects a strategic imbalance, with Beijing dictating terms in the partnership.

India
Congress Accuses Modi of Stalling Women's Law
Congress accuses Modi of stalling women's reservation law by linking it to delimitation, revealing a deeper electoral strategy.

Global
Why Figuera, not Machado
Why the US backs Figuera over Machado in Venezuela's transition, how oil revenue shapes incentives, and what the August 1 working group means for elections.