Void Manticore Destructive Activities in Israel

May 21, 2024, 4:07 p.m.

Description

This analysis details the destructive operations carried out by the Iranian threat actor Void Manticore, also known as Storm-842, against Israeli organizations. The group utilizes various techniques, including custom wipers for Windows and Linux, manual file deletion, and partition table corruption. Their activities involve leaking exfiltrated data through online personas like 'Karma' and are characterized by politically charged messaging, such as naming their wipers after Israeli Prime Minister Benjamin Netanyahu. Void Manticore's operations exhibit coordination with another Iranian actor, Scarred Manticore (Storm-861), suggesting target handoffs between the two groups.

External References

https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/
https://otx.alienvault.com/pulse/664b7bbbf188d3112858711a
Tags
iran
2024-05-20
wipers
hacktivism
cl wiper
destructive
bibi wiper
leaks

Date

  • Created: May 20, 2024, 4:35 p.m.
  • Published: May 20, 2024, 4:35 p.m.
  • Modified: May 21, 2024, 4:07 p.m.

Attack Patterns

  • Cl Wiper
  • BiBi Wiper
  • Void Manticore

Additional Informations

  • Albania
  • Israel