“Handala Hack” – Unveiling Group’s Modus Operandi
ID: 0398b247-52a9-54ae-969d-7c1bb8341783
STIX ID: report--0398b247-52a9-54ae-969d-7c1bb8341783
Feed Name: Check Point Research
This report profiles Handala Hack (Void Manticore), an Iranian MOIS-linked APT persona responsible for destructive "hack-and-wipe" campaigns against Israeli, Albanian, and U.S. targets. It documents consistent hands-on TTPs (compromised VPN/valid accounts, RDP lateral movement, NetBird tunneling), multiple parallel wiping methods (a custom MBR wiper, AI-assisted PowerShell deletion, VeraCrypt disk encryption, and manual deletion), provides hashes, IPs, and hostnames as IOCs, and recommends mitigations such as enforcing MFA, hardening RDP, and monitoring for NetBird and Starlink activity.
