Iran-Linked Wiper Wave Targets Global Networks via Identity Attacks

Source: Unit 42
TL;DR Summary

Unit 42 warns of a rising risk of wiper attacks tied to the Iran conflict, led by Handala Hack (aka Void Manticore), which uses phishing and compromised admin access via Microsoft Intune to disrupt networks in Israel and the US. Israel's National Cyber Directorate reports cases where attackers used legitimate credentials to delete servers. The advisory outlines zero trust privileged access, Just-In-Time admin rights, MFA, break-glass accounts, PIM/PAM, MAA, RBAC with Intune Admin roles, and Group-based PIM. It also lists shorter session lifetimes, token protection, DSPM/DLP, MDR/XDR monitoring, offline immutable backups, and ongoing phishing training. If compromised, contact incident response teams.
