Check Point Research exposed Handala Hack as an online persona used by Iranian threat actor Void Manticore to conduct destructive hack-and-leak and wiping operations against Israel, the US (including Stryker), and other targets. Researchers found the group is modernizing its arsenal with AI-assisted PowerShell wiping scripts, NetBird tunneling, layered disk-encryption wiping, and continued hands-on deletions via RDP. #HandalaHack #VoidManticore
Keypoints
- Check Point Research links Handala Hack to the MOIS‑affiliated threat actor Void Manticore, responsible for hack-and-leak and destructive wiping campaigns.
- The Handala persona has focused on Israel and recently targeted U.S. organizations, including Stryker.
- The group is adopting AI-assisted PowerShell wiping scripts and using NetBird tunneling to maintain persistence and move laterally.
- Operators often employ layered destruction—multiple simultaneous wiping methods and disk encryption—to render systems unrecoverable.
- Recommended defenses include enforcing MFA, restricting RDP access, and maintaining offline, immutable backups.
Read More: https://securityonline.info/face-of-destruction-void-manticore-handala-hack-ai-wiping-operations/