Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania
伊朗 APT 联合对以色列和阿尔巴尼亚进行间谍活动和 Wiper 攻击

Iranian state-backed threat actors have been working closely to spy on, and then wreak havoc against, major organizations in Albania and Israel.
伊朗国家支持的威胁行为者一直在密切合作，监视阿尔巴尼亚和以色列的主要组织，然后对其造成严重破坏。

First, Scarred Manticore does the spying. Its clever, fileless Liontail malware framework allows it to quietly perform email data exfiltration, often for well over a year's time.
首先，疤痕蝎狮进行间谍活动。 其巧妙的无文件 Liontail 恶意软件框架使其能够悄悄地执行电子邮件数据泄露，通常持续一年多的时间。

Then, says Sergey Shykevich, threat intelligence group manager at Check Point, "When there is some escalation, like with Mojahedin-e-Khalq (MEK) in Albania or with the war in Israel, there's some decisionmaker in the government that decides, 'Let's go burn our cyber access for espionage and instead do influence and destructive operations.' And then they pass it to the other actor, focused on the same organization."
然后，Check Point 威胁情报小组经理谢尔盖·什克维奇 (Sergey Shykevich) 表示，“当事态升级时，比如阿尔巴尼亚的人民圣战组织 (MEK) 或以色列的战争，政府中的一些决策者会决定，” 让我们为间谍活动而销毁我们的网络访问权限，转而进行影响和破坏性行动。” 然后他们将其传递给另一个参与者，专注于同一组织。”

Other Void Manticore wipers target the partition table — the part of the host system responsible for mapping out where files are located on the disk. By ruining the partition table, the data on the disk remains untouched yet inaccessible.
其他 Void Manticore 擦除器的目标是分区表——主机系统的一部分，负责映射文件在磁盘上的位置。 通过破坏分区表，磁盘上的数据保持不变但无法访问。