A comprehensive cyber threat intelligence (CTI) report profiling the Handala Hack Group (aka Handala Hack Team), an Iranian MOIS-linked threat actor cluster also tracked as Void Manticore, Storm-0842, BANISHED KITTEN, and Dune. The report covers December 2023 through March 2026, detailing the group's operational doctrine of combining technical intrusion, wiper deployment, data theft, and rapid public claim dissemination for maximum psychological and reputational impact. Key findings include: attribution convergence across five or more vendors to MOIS-linked infrastructure; pragmatic TTPs relying on phishing, trusted-channel abuse, and commercial file-sharing (Storj, Mega) for payload delivery; confirmed destructive wiper activity across multiple phases; and a deliberate information-operations layer that can outpace forensic containment. The report includes MITRE ATT&CK mappings, an IOC compendium, SOC detection guidance, a wiper response playbook, and a NIST CSF-lite controls mapping. Primary targets include Israeli public services, healthcare, education, political figures, and media organizations.

42m read time. From infosecwriteups.com