"Handala Hack" - Unveiling Group's Modus Operandi
Essential information
- Published
- 16/03/2026 10:24
- Modified
- 16/03/2026 10:51
- Tags
- 2026-03-16 credential-theft handala wiper iranian threat actor supply-chain wiping attacks
- Related entities
- 7 observables, 1 intrusion set (APT), 10 techniques (MITRE ATT&CK), 1 malware, 7 others
Description
Handala Hack is an online persona operated by Void Manticore, a threat actor affiliated with Iranian intelligence services. The group is known for destructive wiping attacks and hack-and-leak operations and has targeted organizations in Israel, Albania, and the US. Its initial-access tactics include supply chain attacks, credential theft, and manual, hands-on intrusions. Once inside, the group deploys several wiping methods at the same time, including custom wiper malware, PowerShell scripts, and disk encryption, so that a single failed method does not prevent data destruction. Recent activity shows expanded targeting and some new techniques, such as using NetBird for tunneling and AI-assisted wiping scripts. Despite some operational security lapses, Handala continues to pose a significant threat, primarily through hands-on, opportunistic attacks.