Find notable cyber news and cases, enriched with sources, timelines, and signals.

Cavern Manticore campaign targeting Israeli government and IT organizations

Campaign
First reported
Last updated
Happening score
H score 70
1 unique sources, 1 articles

Summary

Hide ▲

The Cavern Manticore campaign is targeting Israeli government and IT organizations since early 2026, increasing the risk of unauthorized access and data theft in sensitive networks. The operation uses abused RMM software, browser-based remote desktop tools, and malicious updates to gain footholds and move laterally. Researchers also found a previously undocumented modular .NET C2 framework that helps the group evade detection and maintain persistence.

Related Happenings

Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan

Campaign
H score36 First: 04.03.2026 10:14 Last: 04.03.2026 10:14 Sources 1

About this happening: The **Silver Dragon** campaign is actively using **public-facing internet servers** and **phishing emails with malicious attachments** to gain initial access, expanding risk acros...

Konni blockchain developer targeting campaign with AI-generated PowerShell malware

Campaign
H score33 First: 24.01.2026 17:23 Last: 24.01.2026 17:23 Sources 1

About this happening: **Konni (Opal Sleet, TA406)** is running an **active campaign** that uses **AI-generated PowerShell malware** to target **developers and engineers in the blockchain sector**, with...

Ink Dragon European government relay-node campaign

Campaign
H score31 First: 17.12.2025 11:30 Last: 17.12.2025 11:30 Sources 1

About this happening: A **China-linked** group is turning **misconfigured European government servers** into relay nodes to hide **cyber-espionage**, expanding the operational footprint and making dete...

Timeline

  1. 06.07.2026 19:00 2 articles · 3d ago

    Check Point details Cavern Manticore campaign against Israeli government and IT organizations

    Initial Disclosure

    Check Point Research identified Cavern Manticore as a new Iranian government-linked threat group targeting Israeli government and IT organizations since early 2026, and described a previously undocumented modular .NET command-and-control framework used to support access, persistence, reconnaissance, data theft, tunnelling, and lateral movement. The researchers also linked the operation to abuse of existing remote monitoring and management (RMM) software, browser-based remote desktop tools, SysAid software updates, and attacker infrastructure including cac.aspx and hospitalinstallation[.]com.

    Show sources