In recent days, the Handala group has publicly released information regarding more than 180 profiles associated to the Israeli Air Force and other strategic organizations/sectors.

Who is Handala?

Handala (also known as Handala Hack Team, Hatef, and Hamsa) is a pro-Iran hacktivist persona that has been active since at least December 2023. The group is primarily characterized by its disruptive “hack-and-leak” operations and psychological warfare targeting Israeli entities.

Targets

Handala’s operations focus almost exclusively on Israel, targeting a wide range of critical sectors and high-profile organizations:

• Government & Military: Israel’s Ministry of National Security, the IDF’s Unit 8200, and various municipal governments
• Critical Infrastructure: Energy and utilities (including renewable energy companies like BLEnergy), nuclear research centers (Soreq), and water management systems
• Technology & Private Sector: Disaster recovery firms (Zerto/HPE), telecommunications, financial services, healthcare, and e-commerce platforms
• Education & Civil Society: Schools, kindergartens, and kibbutzim

Tactics, Techniques, and Procedures (TTPs)

Handala utilizes a mix of common hacktivist tactics and sophisticated malware deployment:

• Initial Access: Primarily via spear-phishing campaigns and the exploitation of public-facing applications. They have previously masqueraded as security vendors (e.g., CrowdStrike) to deliver malicious updates.
• Malware Deployment: The group uses custom destructive tools, most notably the COOLWIPE and CHILLWIPE wipers. They also leverage proprietary backdoors like ShadowCradle and modular suites such as CobaltDusk.
• Ransomware & Destruction: While they often claim “ransomware” attacks, their primary goal is data destruction and exfiltration rather than financial gain.
• Influence Operations: Handala engages in mass messaging campaigns, sending threatening SMS messages to thousands of Israeli citizens to incite fear and uncertainty.

Social Media & Data Leak Sites

Handala is highly active on social platforms to publicize their claims and leaks:

• Telegram: The group’s primary communication channel is the handle @handala_hack (created Dec 12, 2023). They frequently rotate channels as they are banned.
• X (Twitter): They maintain an active presence under similar “Handala” branding. In the last few days they launched the new account https://x.com/HPRNEW
• Session: ID 0540251cdd0d3f013456f186723cd47aaf2c8cf23c5df599661d68fd6fef7dc929
• Data Leak Sites:
  • handala-hack[.]to (Primary leak site)
  • handala[.]cx (Previously used)
  • handala-redwanted[.]to (Doxxing and intimidation site launched in late 2025)
  • handala-alert[.]to (News)

Releases

The information released includes personal details (name, surname, sometimes telephone number and email address), role, and experience. This information is likely collected from OSINT sources, but it demonstrates a huge commitment by the Handala group to seeking out this information.

The releases in recent days specifically concern 50 profiles of individuals working for the Israeli Air Force, plus another 134 profiles working for the following Israeli strategic organizations/sectors:

1. Military & Armed Forces

These are branches or units of the Israeli armed forces or defense establishment.

• Israel Defense Forces (IDF) — Israel’s national military organization.
• Israeli Ministry of Defense — Government body responsible for defense policy, procurement, and military coordination.
• Haifa Air Force — Likely refers to Israeli Air Force installations or commands in the Haifa region.
• Israel Sea Force — Refers to the Israeli Navy (naval branch of the IDF).
• Aman — Military intelligence branch of the IDF.
• Unit 8200 — Elite signals intelligence and cyber-warfare unit of Israeli military intelligence.

2. Defense & Military Technology Companies

Private or state-linked companies producing weapons, electronics, aerospace systems, and defense technologies.

• Elbit Systems — Major Israeli defense contractor producing drones, avionics, and battlefield systems.
• Rafael Advanced Defense Systems — Developer of missile systems and defense technologies.
• Israel Aerospace Industries (IAI) — Aerospace and defense manufacturer (satellites, UAVs, missiles).
• ELTA Systems — Radar, electronic warfare, and intelligence systems subsidiary of IAI.
• BIRD AeroSystems — Aviation defense solutions such as missile protection systems.
• Indoor Robotics Ltd — Robotics and autonomous security systems (e.g., indoor security drones).
• mPrest Systems — Defense software and command-and-control systems.
• C4I Systems Specialist — Personnel working with command-control-communication-computer-intelligence systems in military tech.

3. Missile & Weapon Systems

These are specific defense systems, not organizations.

• Iron Dome — Short-range rocket interception system.
• David’s Sling — Medium-range missile defense system.
• Arrow Weapon System — Ballistic missile defense system.
• Patriot Missile System — U.S. air and missile defense system used by many countries.
• UCAV/UAC Industry — Sector producing unmanned combat aerial vehicles (armed drones)

4. Cyber Intelligence & Surveillance Technology

Companies specializing in cyber-intelligence, digital surveillance, or offensive cyber capabilities.

• NSO Group — Developer of cyber-surveillance software (e.g., Pegasus spyware).

5. Research & Nuclear / Scientific Institutions

Academic or research organizations contributing to science, defense research, and national technology programs.

• Weizmann Institute of Science — Leading Israeli research university.
• Soreq Nuclear Research Center — Nuclear and scientific research facility.

6. Space & Satellite Communications

Organizations involved in satellite communications and space infrastructure.

• Amos Spacecom — Satellite communications operator providing telecom and broadcast services.

7. Media

Media organizations related to news broadcasting.

• i24News — International news channel based in Israel.