Reportseverity: High2024-05-20

Check Point documents Void Manticore / Scarred Manticore MOIS handoff

published by Check Point

Actor

Iranian state-sponsored intrusion set publicly attributed to the Ministry of Intelligence and Security (MOIS), specialised in destructive operations and conducting them under a rotating set of public…

Summary

In a companion blog post Check Point described a systematic handoff procedure between two MOIS-affiliated groups: Scarred Manticore (Storm-0861) gains initial access and exfiltrates data over extended dwell times, then transfers the foothold to Void Manticore (Storm-0842) which executes destructive wipes paired with leak-site disclosure. The pattern was observed in the 2022 Albanian government intrusions ('Homeland Justice') and again across 2023-2024 attacks on Israeli targets under the 'Karma' persona.

Primary source

blog.checkpoint.com

Other Void Manticore events

2024-05-20Check Point Research details Void Manticore wipers and Karma persona
2022-07-15Homeland Justice persona disrupts Albanian government IT under MOIS direction

Summary

Tags

Primary source

Other Void Manticore events