Iranian hacker groups using psychological tactics to target Israel and Albania through data destruction

Iranian Hacker Group Void Manticore Linked to Destructive Cyberattacks on Israel and Albania

A recent report by Check Point Research (CPR) has uncovered a series of destructive cyberattacks targeting Israel and Albania, carried out by an Iranian hacker group known as Void Manticore. This group, affiliated with Iran’s Ministry of Intelligence and Security (MOIS), has been collaborating with another Iranian threat actor, Scarred Manticore, to execute these attacks.

Void Manticore’s approach involves a combination of psychological warfare and data destruction. Operating under various online personas such as “Karma” and “Homeland Justice,” the group uses publicly available tools to gain access to target networks and deploys custom wipers for Windows and Linux systems to render data inaccessible.

CPR’s analysis reveals a systematic handoff of targets between Void Manticore and Scarred Manticore, with the latter initially exfiltrating data from targeted networks before passing control to Void Manticore for the destructive phase of the operation. This strategic partnership enhances the scale and impact of their attacks.

The report highlights similarities in the attacks on Israel and Albania, indicating a routine process for the Iranian hacker groups. Void Manticore’s arsenal includes custom wipers like CI Wiper, LowEraser, and the recently deployed BiBi Wiper, named after Israel’s Prime Minister Benjamin Netanyahu, which target specific files and disrupt system functionality.

Overall, the collaboration between Void Manticore and Scarred Manticore underscores the growing threat of Iranian cyber actors and the need for enhanced cybersecurity measures to protect against such attacks.