VOID MANTICORE
VOID MANTICORE is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS). Active since at least mid-2022, VOID MANTICORE has targeted government entities, critical infrastructure, and private sector organizations across Albania, Israel, and the United States. VOID MANTICORE conducts destructive cyber operations, combining wiper attacks with hack-and-leak campaigns. The group has operated under multiple public-facing personas, including HomeLand Justice in operations against Albania, Karma and Karma Below in campaigns targeting Israeli organizations, and Handala Hack, its current primary persona, which has claimed activity against Israeli and U.S. entities, including a March 2026 attack against Stryker Corporation. VOID MANTICORE has been observed collaborating with Scarred Manticore, which has been linked to initial access operations preceding VOID MANTICORE’s activity.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.
≥ 10 High · ≥ 3 Moderate · < 3 Low
Attribution signals
6 mentions · 3 sources
"the Iran-linked Handala Hack Team published personal data of Lockheed Martin engineers by name, issuing a 48-hour ultimatum tied explicitly to geopolitical demands."
"Iranian state-affiliated threat group Handala Hack has breached FBI director's Patel's personal Gmail account"
"Void Dokkaebi (also known as Famous Chollima) has evolved from single-target social engineering attacks to a self-propagating supply chain threat"
Hedge terms observed