May 21, 2024 at 05:15PM
Iranian state-backed groups, Scarred Manticore and Void Manticore, collaborate to conduct espionage and destructive cyber operations in Albania and Israel. Scarred Manticore excels in sophisticated, stealthy spying using the Liontail malware framework, while Void Manticore employs hack-and-leak tactics and destructive operations, making defense challenging for targeted organizations. Both groups require separate defenses, with preventative measures available for Scarred Manticore’s initial attack vector.
The main takeaways are:
1. Iranian state-backed threat actors, Scarred Manticore and Void Manticore, have been involved in spying and carrying out destructive operations against major organizations in Albania and Israel.
2. Scarred Manticore focuses on espionage, using the fileless Liontail malware framework, while Void Manticore is involved in hack-and-leak campaigns as well as destructive operations using basic and publicly available tools.
3. The two threat actors collaborate, with Scarred Manticore passing on access to Void Manticore for destructive operations when escalation occurs, such as during geopolitical events like the war in Israel.
4. Defending against these threat actors may pose a significant challenge for organizations, but simple defenses can help mitigate the risks: competent endpoint security to block Void Manticore’s TTPs, and addressing known vulnerabilities like CVE-2019-0604 to prevent Scarred Manticore’s attacks.
It’s important for organizations to be aware of the tactics, techniques, and procedures employed by these threat actors and take proactive measures to defend against them. Regularly updating and patching systems, investing in advanced threat detection and prevention mechanisms, and staying informed about emerging threat intelligence can all contribute to strengthening the security posture of the organizations targeted by these state-level attacks.