Void Manticore (Storm-0842) is a Threat Actor

Void Manticore, an Iranian threat actor group known for its destructive cyber operations, has been making headlines since its emergence in October 2023. The group, affiliated with the Ministry of Intelligence and Security (MOIS), has gained notoriety for its high-impact, disruptive attacks primarily targeting organizations in Israel. Using a combination of data-wiping attacks and information leaks, Void Manticore aims to cause operational disruption and advance political motives.

Void Manticore carries out and publicizes its attacks under online personas such as “Karma” and “Homeland Justice.” The personas are used to exploit political tensions and amplify the impact of the group’s cyber operations. “Karma” is associated with attacks in Israel, which use a custom wiper named the BiBi wiper, while “Homeland Justice” is linked to attacks in Albania.

One of Void Manticore’s notable tactics is the collaboration with another threat group, Scarred Manticore. This partnership involves a systematic handoff process where Scarred Manticore gains initial access and performs data exfiltration, while Void Manticore focuses on destructive activities. The seamless transition between the two groups allows for more coordinated and targeted attacks.

Void Manticore’s arsenal includes custom-built wipers for Windows and Linux systems, designed to render data inaccessible by targeting specific files and partitions. The group also relies on straightforward techniques, such as deploying wipers manually and using Remote Desktop Protocol (RDP) for lateral movement within compromised networks. These operations are meticulously planned to maximize damage and disrupt critical infrastructure.

In addition to their operational tactics, Void Manticore has been involved in various significant attacks. For instance, the group has targeted Israeli organizations with destructive attacks using custom wipers, causing disruptions and significant data loss. They have also executed attacks in Albania and focused on high-value targets like government agencies, financial institutions, and critical infrastructure.

Void Manticore’s attack vectors include spear phishing, exploiting vulnerabilities, RDP abuse, malicious software downloads, credential dumping, and web application exploitation. These tactics, combined with their use of custom and off-the-shelf tools, demonstrate the group’s strategic approach to cyber warfare.

By leveraging a blend of sophisticated and rudimentary techniques, collaborating with other threat actors, and targeting high-value entities, Void Manticore has proven to be a formidable player in the cyber domain. Their operations not only focus on causing damage but also on influencing and intimidating their targets. The group’s impactful attacks in Israel, Albania, and other countries underscore their strategic intent and expertise in carrying out destructive cyber operations.

With their focus on politically charged targets and their ability to combine various attack methods effectively, Void Manticore continues to be a significant player in the realm of cyber warfare. Their operations have caused disruptions and chaos in multiple sectors, emphasizing the importance of cybersecurity measures to mitigate such threats effectively.
