An Iranian hacker group known as Void Manticore has been linked to a series of destructive cyberattacks targeting Israel and Albania, according to a recent report by Check Point Research (CPR). The group, affiliated with Iran's Ministry of Intelligence and Security (MOIS), has been carrying out these attacks in collaboration with another Iranian threat actor, Scarred Manticore.
The report reveals that Void Manticore employs a dual approach, combining psychological warfare with data destruction. The group operates under various online personas, such as "Karma" for attacks in Israel and "Homeland Justice" for attacks in Albania. Their tactics involve establishing access to target networks using publicly available tools and deploying custom wipers for Windows and Linux systems to render data inaccessible.
CPR's analysis uncovers a systematic handoff of targets between Void Manticore and Scarred Manticore. Scarred Manticore initially accesses and exfiltrates data from targeted networks, followed by a transition of control to Void Manticore, which then executes the destructive phase of the operation. This strategic partnership amplifies the scale and impact of their attacks.
The report highlights similarities between the attacks in Israel and Albania, including the use of specific vulnerabilities for initial access, similar tools, and the coordination between the two threat actors. These overlaps suggest that this process has become routine for the Iranian hacker groups.
Void Manticore's arsenal includes various custom wipers, such as the CI Wiper, Partition Wipers like LowEraser, and the recently deployed BiBi Wiper, named after Israel's Prime Minister Benjamin Netanyahu. These wipers target specific files and partition tables and employ sophisticated techniques to corrupt files and disrupt system functionality.