Iranian State Hackers Partner Up for Large-Scale Attacks, Report


A Check Point Research (CPR) report reveals that state-sponsored hackers and threat actors are employing sophisticated tactics to target organizations and nations, posing a significant threat that demands immediate solutions.

The company focused on Void Manticore, an evolving threat to those opposing Iranian interests. The report details the tactics the group employs against its targets, including a web of online personas, strategic collaborations with other Iranian groups, and destructive attack methodologies.

State-Sponsored Actors: An Evolving Threat

Void Manticore is linked to Iran’s Ministry of Intelligence and Security (MOIS) and is known for its destructive wiping attacks and sophisticated influence operations. The actor operates under various online personas, such as “Karma” in Israel and “Homeland Justice” in Albania. 

Their operations are notably influenced by their collaboration with Scarred Manticore, another Iranian MOIS-affiliated group. Both engage in a systematic handoff of targets, with Scarred Manticore accessing and exfiltrating data from targeted networks and then transitioning control to Void Manticore. 

“This strategic partnership not only amplifies the scale and impact of their attacks but also poses a formidable challenge for cybersecurity defenders,” the Check Point team noted in its blog post.

Void Manticore Modus Operandi

Void Manticore’s tactics are straightforward yet effective. Utilizing basic tools, they establish access to target networks and then deploy a range of custom wipers designed for Windows and Linux systems. Some wipers target specific files or file types while others attack the system’s partition table, rendering all data on the disk inaccessible.

Moreover, they engage in manual data destruction activities, including shared drive manipulation, to further amplify the impact of their attacks. The wipers they use most often are the CI Wiper, partition wipers such as LowEraser, and the BiBi Wiper.

Their most recent attacks involved the BiBi Wiper (named after Israeli Prime Minister Benjamin Netanyahu), which can corrupt files and disrupt system functionality. The group has also targeted INSTAT in Albania and multiple Israeli entities.

The Void Manticore and Scarred Manticore connection (Screenshot: CPR)

How to Stay Safe?

Void Manticore aims to not just steal but destroy your data and cause chaos. This digital hit-and-run serves as a reminder of the constantly evolving nature of online threats. To protect yourself, stay vigilant by updating software with the latest security patches, be wary of online strangers, and use strong passwords.
