| Category | Details |
|---|---|
| Threat Actors | Storm-842 (Void Manticore), linked to Iranian MOIS, also operating under ‘HomeLand Justice’ and ‘Karma.’ |
| Campaign Overview | Series of cyberattacks targeting Albania (July & September 2022) and later Israel; includes data wiping, influence operations, and ransomware-style disruptions. |
| Target Regions | Albania, Israel, and other entities opposing Iranian interests. |
| Methodology | Destructive wiping attacks, psychological warfare through influence campaigns, strategic data leaks, and coordinated operations with Scarred Manticore. |
| Products Targeted | Windows and Linux systems, e-government portals, border systems, and critical infrastructures. |
| Malware Reference | Custom-developed wipers (Cl Wiper, Partition Wipers, BiBi Wiper), “do.exe,” Karma Shell, and reGeorge web shells. |
| Tools Used | Web shells, SDelete, Windows Format Utility, manual deletion, and SSH-based C2 channels. |
| Vulnerabilities Exploited | Unpatched systems, credential harvesting, use of compromised accounts, and exploits on internet-facing web servers. |
| TTPs | Reconnaissance, weaponization (custom wipers/web shells), delivery via web servers, installation of persistence tools, lateral movement, and coordinated destructive campaigns. |
| Attribution | Coordinated within MOIS; collaboration with Scarred Manticore highlights transfer of operations for increased impact and complexity. |
| Recommendations | Multi-factor authentication, patch management, network segmentation, email/web filtering, regular backups, incident response plans, threat intelligence, and employee training. |
| Source | SOCRadar |
Read full article: https://socradar.io/dark-web-profile-storm-842-void-manticore/
The above summary has been generated by an AI language model