Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The Handala hacking group has posted a flurry of updates to its leak sites and Telegram channel as missiles and drones fly between Israel and Iran.
A notorious pro-Palestinian hacking group claimed to have carried out a wave of cyber attacks targeting Israeli organisations over the weekend, seemingly in response to Israel’s attacks against Iranian nuclear facilities late last week.
The Handala hacking group – named after a popular symbol of Palestinian resistance – was last active in February 2025, but since 14 June, it has listed several Israeli victims on its darknet leak site.
Petroleum conglomerate the Delek Group and its Delkol subsidiary were the first victims listed as part of Handala’s latest campaign, with the hackers claiming to have stolen more than two terabytes of data.
“Your fuel systems are exposed. and so are your secrets,” Handala said in a 14 June leak post.
“Over two terabytes of classified data are no longer in your hands. Your fuel stations are vulnerable. If you’re smart, you’ll act now. Fuel up immediately, before you’re left with nothing but empty roads and silent jets. Time is not on your side.”
The Israel Fuel Corporation, another Delek subsidiary, is one of Israel’s largest service station chains.
On the same day, the group listed Argentinian drone maker AeroDreams, Israeli construction firm Y.G. New Idan, and ISP 099 Primo Telecommunications.
AeroDreams’ website appears to be down at the time of writing, but Handala appears to claim the company has links to the Israeli Air Force.
“They used to fly for the Air Force, now they hide behind Aerodreams,” Handala said.
“A silent front for sensitive drone programs, elite pilot training, and covert logistics. What they thought was untouchable… has already been breached. 400 gigabytes of internal data are in our hands, and soon, in everyone else’s.”
Handala claimed that Y.G. New Idan is a “secret arm of Israel’s Ministry of War” and is responsible for constructing military bases. The hackers said they stole 339 gigabytes of data from the company that “will be leaked soon, for everyone to see”.
In the case of 099 Primo Telecommunications, however, Handala claimed to have infiltrated the company’s network infrastructure and sent more than 150,000 emails to its customers, warning of a massive missile attack.
“You ignored every warning. You thought distance and steel would protect you. But now, the fire you sparked is coming for you,” Handala’s alleged email said.
“Tonight, the sky will darken with our storm. Thousands of precision strikes await the final signal. Your systems will go blind. Your defences will collapse.”
Finally, on 15 June, Handala published what it claimed were “300,000 classified documents” to its leak site.
“These files reveal extensive collaboration between Delek Group and the Israeli military, including detailed fuel supply contracts and access to their updated internal databases,” Handala said.
However, despite claiming to have two terabytes of data, only 12 archived files have been published, each totalling just four gigabytes. Cyber Daily has not been able to verify the contents of the leak and has contacted the Delek Group for comment.
Who is Handala?
Handala largely targets Israeli entities or organisations with links to Israel and its military. It’s known to use a wide range of tactics, techniques and procedures to gain access to its victims, including spear phishing. Though tracked as a ransomware operator by some, the group’s motivations are entirely political, and no ransom demands are ever made.
In the wake of the widespread CrowdStrike outage in 2024, the group was observed using emails that claimed to be from the cyber security firm and that offered a fix for the issue. However, in the guise of a file called CrowdStrike.exe, the hackers were able to deploy a malicious wiper program capable of deleting entire directories from an infected machine.
The group’s internet traffic appears to originate from Iranian IP addresses, and a report from the website Iran International links Handala to Iran’s Ministry of Intelligence.
While some of Handala’s victims have claimed the group exaggerates its activity – a common tactic for hacktivist groups – others have confirmed the hackers’ claims. In January 2025, Handala gained access to public address systems in Israeli kindergartens in order to broadcast red alert warnings and propaganda, an attack that Israel’s National Cyber Directorate later confirmed.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
