Handala Hack, an Iranian MOIS-affiliated threat actor also known as Void Manticore, conducts destructive wiping and hack-and-leak operations against US, Israeli, and Albanian targets. The group leverages compromised VPN credentials for initial access, uses NetBird for internal tunneling, and deploys multiple parallel wiping techniques—including custom MBR wipers, PowerShell scripts, and VeraCrypt—distributed via Active Directory Group Policy.