Handala threat group actively targets Israel amidst current conflict

October 7, 2024

Handala, an alleged Iranian-linked cybercriminal threat group, has heavily targeted Israel with various cybercriminal activities that resulted in repeated account and website takedowns.

According to reports, this cybercriminal entity has appeared several times this year. One of its attacks was on Zerdo a couple of months ago, and it sent an extensive SMS campaign to Israeli people in April.

One of the group’s most significant and recent claims is that it found a backdoor in a widely used Vidisco security scanner. The exploit on the scanners has allegedly allowed them to trigger explosives using a pager campaign in Lebanon last month.

On the other hand, the researchers confirmed that the Vidisco hack is legitimate but cannot yet confirm if it caused last month’s incident in Lebanon. They are currently dealing with a severe cybersecurity incident, including data exfiltration.

Additionally, the group stated that they also violated Israeli Industrial Batteries (IIB) regulations and utilised contaminated IIB materials in the pager attack. However, the researchers indicated no evidence to support the attackers’ claim.

Handala is a pro-Palestinian threat group that is linked to the Iranian government.

Handala has already been linked to Iran, and various researchers have verified the connection. There is strong evidence for the group’s connection to the Iranian regime, since its former web domains received early network traffic from Iranian IP addresses.

The group’s writing also contains discussion points similar to those of the Iranian government. The group also defaced websites and claimed to have hacked numerous Israeli MPs and Israel’s Soreq Nuclear Research Center.

However, a separate researcher revealed that a significant portion of the group’s claimed hacked material is years old or recycled. The group also appears linked to Iranian intelligence and shares substantial, though not unique, characteristics with Anonymous For Justice. However, that group has been inactive for some time, just as Handala became active for months.

An alleged Israeli-backed entity has constantly removed the group’s website, social media accounts, and Telegram channels, despite Handala’s assertions, which have mostly gone undetected and uncorroborated. This tactic indicates that Handala’s opponent strongly desires to limit its influence.
