Iran’s Cyber Wrath: Void Manticore Unleashes Devastating Wiper Attacks on Albania and Israel

Beware the Void Manticore, the cyber beast with a flair for wiping data clean off the map, leaving a trail of digital devastation from Albania to Israel. It’s the hacker’s handoff from hell, and your files may never see the light of day again. #CyberSecurityChaos

Hot Take:

When it comes to the digital world, it seems Iran’s got more manticores in its mythological creature lineup than a Harry Potter book. Enter Void Manticore, the latest cyber-beast causing chaos in Albania and Israel with a taste for wiping data cleaner than a Marie Kondo-organized drawer. And let’s not forget their cyber-sibling, Scarred Manticore – apparently, they’re quite the tag team when it comes to digital destruction. How quaint; family reunions must be a blast with these two!

Key Points:

  • Iran’s cyber-minions, Void Manticore a.k.a. Storm-0842, are wreaking havoc with data-wiping shenanigans in Albania and Israel.
  • Check Point and Microsoft are like the Scooby-Doo gang, unmasking these cyber villains and their connections to Scarred Manticore.
  • These dastardly digital attacks use custom wiper malware like Cl Wiper and No-Justice to scrub systems cleaner than a germaphobe’s bathroom.
  • Void Manticore’s approach: simple, straightforward, and sneakier than a cat burglar, using tools you can find at the Internet’s equivalent of a yard sale.
  • The nefarious network is part of a cyber-marauder family tree, with Storm-0861 and Storm-0842 as siblings in cybercrime, and an uncle in APT34 known for Shamoon and ZeroCleare.

Cve id: CVE-2019-0604
Cve state: PUBLISHED
Cve assigner short name: microsoft
Cve date updated: 03/06/2019
Cve description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

Need to know more?

Wipeout: Albania & Israel Edition

Void Manticore, the digital equivalent of a masked wrestler, has been flexing its malware muscles in Albania since July 2022 under the intimidating ring name Homeland Justice. With moves like the Cl Wiper and No-Justice, it's been wiping the competition (and data) off the map. Not to be outdone, Israel has also been in the ring with this heavyweight, facing off against custom wipers after the Israel-Hamas scuffle broke out—introducing the BiBi wiper, because apparently malware also needs a catchy nickname.

Tools of the Trade

These aren’t your grandma's cyber attackers, unless your grandma is into using Remote Desktop Protocol (RDP), Server Message Block (SMB), and File Transfer Protocol (FTP) for fun. And their strategy? It's as straightforward as a toddler's Lego instructions, but with a much more malicious endgame. Initial access is often gained through the cyber equivalent of finding your front door unlocked: exploiting known, unpatched security holes. Once they're in, they set up shop with web shells, including one that's a wolf in sheep's clothing: it looks like an error page but is actually a full-on Swiss Army knife of cyber chaos.
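The "error page that is really a web shell" trick described above is a detection problem defenders can attack directly: a real error page never needs server-side execution primitives. The scanner below is an added example written for this post, not code from the Check Point or Microsoft reports, and the two sample files it checks are constructed stand-ins (the disguised one is a deliberately non-functional fragment that only carries the telltale tokens). It scores every script file under a web root on two independent signals, error-page camouflage and execution primitives, and flags files that show both. The indicator list is a heuristic and will need tuning per application stack.

```python
"""Heuristic scanner for web shells that masquerade as static error pages.

Two independent signals are scored per file:
  1. camouflage  - the visible body reads like an HTTP error page
  2. execution   - server-side primitives (request parsing, process spawning,
                   dynamic eval, base64 decoding) that an error page never needs
A file with camouflage plus any primitive, or with two or more primitives
regardless of camouflage, is reported for review.
"""
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Camouflage indicators: status codes and phrases typical of error pages.
ERROR_PAGE_RE = re.compile(
    r"\b(40[34]|500)\b|not found|access denied|server error|an error occurred",
    re.IGNORECASE,
)

# Execution indicators for ASP.NET and PHP. Case-sensitive on purpose so that
# prose such as "your request." does not trip the Request[...] pattern.
EXEC_INDICATORS = [
    r"<%@\s*Page",                         # ASP.NET page directive
    r"runat=[\"']server[\"']",             # server-side script block
    r"Request\s*[\[\.]",                   # reads caller-controlled parameters
    r"Process\.Start|ProcessStartInfo",    # spawns a process
    r"\beval\s*\(|\bassert\s*\(",          # dynamic code evaluation
    r"\b(shell_exec|passthru|proc_open|popen)\s*\(",
    r"FromBase64String|base64_decode",     # payload decoding
]
EXEC_RES = [re.compile(p) for p in EXEC_INDICATORS]

# Constructed sample: a benign static 404 page.
BENIGN_ERROR_PAGE = (
    "<html><body><h1>404 - File or directory not found.</h1>"
    "<p>The resource you are looking for might have been removed.</p></body></html>"
)

# Constructed, non-functional stand-in for a disguised web shell: same visible
# body as the benign page, plus the directives and primitives a real one needs.
DISGUISED_SHELL = (
    '<%@ Page Language="C#" %>\n'
    '<script runat="server">\n'
    '  // constructed fragment, intentionally incomplete: reads Request["x"], calls Process.Start\n'
    "</script>\n"
    "<html><body><h1>404 - File or directory not found.</h1></body></html>"
)


def score_content(text: str) -> Dict[str, object]:
    """Return camouflage flag, the execution indicators hit, and the verdict."""
    looks_like_error_page = ERROR_PAGE_RE.search(text) is not None
    hits = [pat for pat, rx in zip(EXEC_INDICATORS, EXEC_RES) if rx.search(text)]
    suspicious = len(hits) >= 2 or (looks_like_error_page and len(hits) >= 1)
    return {"error_page": looks_like_error_page, "hits": hits, "suspicious": suspicious}


def scan_tree(root: Path, exts=(".aspx", ".ashx", ".asmx", ".php", ".jsp")) -> List[Tuple[str, List[str]]]:
    """Walk a web root and return (path, indicators) for every suspicious script file."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the sweep
        result = score_content(text)
        if result["suspicious"]:
            findings.append((str(path), result["hits"]))
    return findings


def demo() -> List[Tuple[str, List[str]]]:
    """Write both constructed samples into a scratch web root and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "error.aspx").write_text(BENIGN_ERROR_PAGE)
        (root / "errors.aspx").write_text(DISGUISED_SHELL)
        return scan_tree(root)


if __name__ == "__main__":
    for path, hits in demo():
        print(f"SUSPICIOUS {path}: {', '.join(hits)}")
```

Run it against a real web root by calling `scan_tree(Path("/path/to/wwwroot"))`; pairing the findings with file modification times and web-server access logs for the flagged paths is the usual next step in triage.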

The Manticore Family Reunion

Void Manticore doesn't always work alone; it's got its partner-in-crime, Scarred Manticore. Think Batman and Robin but more "destroy the world" and less "save Gotham." Microsoft and Check Point have been piecing together this puzzle, revealing a family tree of Iranian threat actors with a penchant for data destruction. Storm-0861 starts the party, Storm-0842 brings the main course with ransomware and wipers, and Storm-0166 and Storm-0133 are on cleanup and reconnaissance. And just for kicks, Storm-0861 is reportedly a branch of the infamous APT34, which has a track record of wiping out data like a professional eraser.

The Art of Cyber War

Void Manticore isn't just about the silent kill; it’s about sending a message, like a mobster leaving a horse head in your bed but with less mess. It’s psychological warfare meets digital Armageddon, with a side of public data leaks to really rub salt in the virtual wounds. Check Point's report suggests this isn't just a one-off—they're seeing a pattern that hints at this being part of the group's standard playbook. So, the next time your data gets wiped, you might want to check if there's a Manticore lurking in your system.

Tags: APT34, Iranian cyber attacks, Malware Deployment, MOIS-linked cyber activity, Network Exploitation, threat actor coordination, Wiper Malware