Void Manticore Destructive Activities in Israel

May 21, 2024, 4:07 p.m.

Description

This analysis details the destructive operations carried out by the Iranian threat actor Void Manticore, also known as Storm-842, against Israeli organizations. The group utilizes various techniques, including custom wipers for Windows and Linux, manual file deletion, and partition table corruption. Their activities involve leaking exfiltrated data through online personas like 'Karma' and are characterized by politically charged messaging, such as naming their wipers after Israeli Prime Minister Benjamin Netanyahu. Void Manticore's operations exhibit coordination with another Iranian actor, Scarred Manticore (Storm-861), suggesting target handoffs between the two groups.

Date

  • Created: May 20, 2024, 4:35 p.m.
  • Published: May 20, 2024, 4:35 p.m.
  • Modified: May 21, 2024, 4:07 p.m.

Attack Patterns

  • Cl Wiper
  • BiBi Wiper
  • Void Manticore

Additional Informations

  • Albania
  • Israel