May 20, 2024 at 12:10PM
The BiBi Wiper malware’s new variants are targeting Israeli and Albanian systems, linked to an Iranian hacking group named ‘Void Manticore.’ Check Point Research uncovered newer variants and operational overlaps involving another Iranian threat group. The malware is designed to complicate data restoration efforts, significantly extending downtime for targeted victims and maximizing damage.
Based on the meeting notes, the key takeaways are:
1. The BiBi Wiper malware, associated with the Void Manticore hacking group, has evolved to delete the disk partition table, making data restoration more challenging for targeted victims.
2. Void Manticore, believed to be affiliated with Iran’s Ministry of Intelligence and Security (MOIS), is linked to attacks on Israel and Albania.
3. Check Point Research has uncovered newer variants of the BiBi wiper as well as two other custom wipers used by the same threat group, namely Cl Wiper and Partition Wiper.
4. Void Manticore shows cooperation with another Iranian threat group, Scarred Manticore, with overlaps in their operational activities.
5. Void Manticore uses various tools including web shells, manual deletion tools, custom wipers, and credential verification tools for its destructive operations.
6. The newer variants of the BiBi Wiper target Israeli systems, delete partition information from the disk, and make data recovery more difficult.
7. The CI Wiper and Partition Wipers specifically target system partitions, making data restoration efforts more complicated and maximizing the damage.
These takeaways provide a clear understanding of the evolving threats posed by the Void Manticore hacking group and its associated malware, and the methods used to carry out destructive cyber operations.