Threat actor · all actors
VOID MANTICOREG1055 unknown
aka VOID MANTICORE, COBALT MYSTIQUE, Handala Hack, Homeland Justice, Karma, Karmabelow80, BANISHED KITTEN, Red Sandstorm
Last updated: 2026-07-03
About this actor
[VOID MANTICORE](https://attack.mitre.org/groups/G1055) is a threat group assessed to operate on behalf of Iran’s Ministry of Intelligence and Security (MOIS).(Citation: Check Point VOID MANTICORE Handala Hack March 2026) Active since at least mid-2022, VOID MANTICORE has targeted government entities, critical infrastructure, and private sector organizations across Albania, Israel, and the United States.(Citation: Check Point VOID MANTICORE Handala Hack March 2026)(Citation: Palo Alto VOID MANTICORE Iran Cyber Threats March 2026) [VOID MANTICORE](https://attack.mitre.org/groups/G1055) conducts destructive cyber operations, combining wiper attacks with hack-and-leak campaigns. The group has operated under multiple public-facing personas, including (LinkByld: C0038) in operations against Albania, Karma and Karma Below in campaigns targeting Israeli organizations, and Handala Hack, its current primary persona, which has claimed activity against Israeli and U.S. entities, including a March 2026 attack against Stryker Corporation.(Citation: Check Point VOID MANTICORE Handala Hack March 2026)(Citation: DOJ FBI Handala Hack March 2026) [VOID MANTICORE](https://attack.mitre.org/groups/G1055) has been observed collaborating with Scarred Manticore, which has been linked to initial access operations preceding VOID MANTICORE’s activity.(Citation: Domain Tools Handala Hack Karma Homeland Justice MOIS April 2026)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
T1003T1003.001T1005T1021T1021.001T1027T1027.015T1036T1036.004T1036.005T1041T1047T1059T1059.001T1059.006T1071T1071.001T1072T1074T1078T1078.002T1078.004T1082T1087T1087.002T1098T1102T1105T1110T1110.001T1110.004T1113T1114T1114.002T1119T1123T1125T1133T1190T1199T1204T1204.002T1213T1213.002T1219T1219.002T1484T1484.001T1485T1486T1490T1547T1547.001T1552T1552.002T1560T1560.001T1561T1561.001T1561.002T1564T1564.003T1566T1572T1583T1583.001T1583.003T1583.004T1583.006T1585T1585.001T1585.002T1587T1587.001T1588T1588.001T1588.002T1589T1595T1595.002T1651T1657T1679T1684T1684.001T1686T1686.003
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 52 / 87 | 60% |
CM-6 | 43 / 87 | 49% |
CM-2 | 42 / 87 | 48% |
AC-3 | 41 / 87 | 47% |
AC-6 | 37 / 87 | 43% |
CM-7 | 33 / 87 | 38% |
SI-3 | 31 / 87 | 36% |
AC-2 | 30 / 87 | 34% |
SI-7 | 28 / 87 | 32% |
CA-7 | 27 / 87 | 31% |
IA-2 | 26 / 87 | 30% |
AC-4 | 24 / 87 | 28% |
AC-5 | 23 / 87 | 26% |
SC-7 | 21 / 87 | 24% |
CM-5 | 20 / 87 | 23% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Magic Hound 0.33
- Sandworm Team 0.32
- APT28 0.29
- Ke3chang 0.28
- Scattered Spider 0.28