Check Point Research Exposes Iranian Threat Actor Void Manticore’s Tactics

Iranian Threat Actor Conducts Destructive Wiping Attacks and Influence Operations

A recent report by Check Point Research has uncovered a series of destructive wiping attacks and influence operations conducted by an Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS). Known as Void Manticore, this threat actor has been targeting countries like Israel and Albania with sophisticated cyberattacks.

Void Manticore is known for adopting various online personas, such as “Homeland Justice” and “Karma,” to carry out its operations in different regions. The threat actor’s tactics involve a dual approach, combining data destruction with psychological warfare to maximize the impact of its attacks.

According to researchers, Void Manticore utilizes custom wipers for both Windows and Linux systems to disrupt operations through file deletion and shared drive manipulation. The group’s tactics are relatively straightforward yet effective, targeting critical files and partition tables to render data inaccessible.

Furthermore, the report highlights the coordination between Void Manticore and another threat actor, Scarred Manticore, in targeting victims. Scarred Manticore is responsible for initial access and data exfiltration, while Void Manticore executes the destructive phase of the operation, amplifying the scale and impact of the attacks.

The overlap in attacks against Israel and Albania suggests a systematic victim targeting strategy by MOIS. Void Manticore’s recent deployment of the BiBi Wiper, named after Israel’s Prime Minister Benjamin Netanyahu, showcases the group’s evolving and sophisticated techniques in cyber warfare.

As cyber threats continue to evolve, it is crucial for organizations and governments to stay vigilant and implement robust cybersecurity measures to protect against such malicious actors.