Dark Web Profile: Storm-842 (Void Manticore)

Threat Actors: Storm-842 (Void Manticore), linked to Iranian MOIS, also operating under ‘HomeLand Justice’ and ‘Karma.’

Campaign Overview: Series of cyberattacks targeting Albania (July & September 2022) and later Israel; includes data wiping, influence operations, and ransomware-style disruptions.

Target Regions: Albania, Israel, and other entities opposing Iranian interests.

Methodology: Destructive wiping attacks, psychological warfare through influence campaigns, strategic data leaks, and coordinated operations with Scarred Manticore.

Products Targeted: Windows and Linux systems, e-government portals, border systems, and critical infrastructures.

Malware Reference: Custom-developed wipers (CI Wiper, Partition Wipers, BiBi Wiper), “do.exe,” Karma Shell, and reGeorg web shells.

Tools Used: Web shells, SDelete, Windows Format Utility, manual deletion, and SSH-based C2 channels.

Vulnerabilities Exploited: Unpatched systems, credential harvesting, use of compromised accounts, and exploits on internet-facing web servers.

TTPs: Reconnaissance, weaponization (custom wipers/web shells), delivery via web servers, installation of persistence tools, lateral movement, and coordinated destructive campaigns.

Attribution: Coordinated within MOIS; collaboration with Scarred Manticore highlights the handover of operations for increased impact and complexity.

Recommendations: Multi-factor authentication, patch management, network segmentation, email/web filtering, regular backups, incident response plans, threat intelligence, and employee training.

Source: SOCRadar

Read full article: https://socradar.io/dark-web-profile-storm-842-void-manticore/

The above summary has been generated by an AI language model

Source: SOCRadar

Published on: December 27, 2024
