Some ‘free Palestine’ hacktivist style group called Handala have been defacing websites and claim to exfiltrate data. https://handala.to/ #threatintel
23 orgs hit so far.
Handala, a wiper group posing as a ransomware group who target Israeli companies, claims IIB (Israeli Industrial Batteries) supplied explosive batteries for pagers and Vidisco supplied Xray machines which didn’t detect said batteries.
They claim they will be releasing 6tb of data for IIB and 8tb of data for Vidisco. I tried phoning one of the companies, who said they have an IT issue.
Wrote up the Handala Hack Team thing while on lunch as it was too nuts not to. https://doublepulsar.com/hacker-group-handala-hack-team-claim-battery-explosions-linked-to-israeli-battery-company-5bea086280cd
Handala Hack Team have started posting files on Telegram. They were kicked off Telegram multiple times prior, they're back on a different username. #threatintel
Handala have released what they claim is source code showing a backdoor in Vidisco scanners, which are used by ports and airports to scan cargo.
Post contains reference to Hodhod drones, which is an Iranian UAV, and makes reference to Vidisco as being a “legal target” #threatintel
The latest on the Handala Hack Team situation with Vidisco and Israeli Industrial Batteries (IIB) breach claims is the file sharing site hosting the downloads say they have received DMCA complaints.
So far only outlets in Italy and Iran have picked up the story, and have done so fairly responsibly, i.e. not saying the claims are true.
I have just published a big update on the Handala situation regarding Vidisco at the bottom of my original post.
tl;dr: They are owned.
Expect to read 0 about this from your threat intelligence providers btw, there's a cone of silence around this one.
Handala are currently up on https://t.me/Handala_backup on Telegram.
Comes complete with a 1 minute data dump announcement video with reasonable production quality.
There's a lot of time and effort gone into the group's recent efforts, it's a little bit better than NoName and the like.
Handala are now going after Israeli politician Gabi Ashkenazi.
I think what they’re doing is compromising personal cloud accounts. #threatintel
The journalist looking at Handala Hack Team has been told to stop looking at it.
Handala say they plan to post 2k photos from Benny Gantz’ phone in response to rocket attacks. I think my theory they’re targeting Israel’s political’s cloud accounts is looking more likely. #threatintel
Handala appear to have gained access to former Israeli PM Ehud Barak’s personal phone, publishing a series of messages alleging various things and lots of photos and identity documents #threatintel
If you’re reading this thread and thinking ‘why isn’t this mentioned anywhere outside of Gossi The Dog’s toots?’ - that’s a good question. #threatintel
Handala allege they are doing a hack and leak of Soreq Nuclear Research Center in Israel. So far their leak claims have been true.. although the document leaks haven’t resembled all of their claims about the contents to the best of my knowledge.
They also claim journalists in Israel have been told not to cover Handela, which I believe has foundation.
The entire cyber industry coverage of a clear Iranian cyber group doing actual cyber activity during a war: #threatintel #handala
@GossiTheDog Any confirmation on the Vidisco backdoor claims?