May 20, 2024 at 12:27PM
Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) conducts destructive wiping attacks in Albania and Israel. Cybersecurity firm Check Point tracks the activity as Void Manticore, also known as Storm-0842. The group uses wiper malware and leverages publicly available tools for attacks, demonstrating a high degree of cooperation with other Iranian threat actors.
From the meeting notes, the key takeaways are:
1. An Iranian threat actor, affiliated with the Ministry of Intelligence and Security (MOIS), has been identified as the source of destructive wiping attacks in Albania and Israel, operating under the aliases Homeland Justice and Karma, and referred to as Void Manticore by Check Point and Storm-0842 by Microsoft.
2. The threat actor relies on disruptive cyber attacks using bespoke wiper malware, such as Cl Wiper, No-Justice, and BiBi, targeting systems in Albania and Israel.
3. The threat actor’s attack chains are described as “straightforward and simple,” leveraging publicly available tools and methods such as Remote Desktop Protocol (RDP), Server Message Block (SMB), and File Transfer Protocol (FTP) for lateral movement prior to malware deployment. Initial access is achieved through the exploitation of known security flaws in internet-facing applications.
4. There is evidence of collaboration and coordination between different threat actors, specifically Void Manticore and Scarred Manticore, with a systematic hand off of targets between the two groups.
5. The threat actor is suspected of accessing infrastructure previously obtained by Scarred Manticore to carry out its own intrusions.
6. The same techniques and coordination observed in attacks against Israel and Albania indicate a routine process, emphasizing a high degree of cooperation and a dual approach combining psychological warfare with actual data destruction.
Would you like me to generate a summary or any specific analysis based on these takeaways?