Handala Hackers Launch Destructive Cyberattacks Using RDP and NetBird

Handala Hackers Launch Destructive Cyberattacks Using RDP and NetBird

First seen 17 Mar 2026, 00:51 UTC GbhackersCybersecuritynews 91% similarity 74.9

Article Content

Browse articles
ThreatCluster

Handala Hack, an Iranian state-linked threat actor, has executed a series of destructive cyberattacks targeting organizations in Israel, Albania, and the United States. The attacks utilize Remote Desktop Protocol (RDP) and the NetBird network tunneling tool, alongside multiple parallel wiper tools designed to erase data. This group operates under the identity of Void Manticore, also known as Red Sandstorm and Banished Kitten, which is affiliated with Iran’s Ministry of Intelligence and Security (MOIS). The scope of the impact remains under assessment, but the attacks have been characterized by their rapid execution and significant destructive capability. Specific details on the number of affected systems and exact CVEs are not disclosed in the articles. The current status indicates ongoing investigations into the attacks and potential mitigation strategies. Security professionals are advised to monitor for signs of RDP exploitation and to review their defenses against wiper malware.

Key Points: • Handala Hack is linked to Iran's MOIS and has targeted organizations in multiple countries. • The attacks employ RDP and NetBird for access, along with advanced wiper tools. • The threat actor is known under various aliases, including Void Manticore and Red Sandstorm.

ThreatCluster AI

Timeline

2026-03-16
Gbhackers article published detailing Handala Hack's activities.
2026-03-17
Cybersecuritynews article published with further details on the attacks.

Community

Browse all →