Handala hack: How a shadowy hacker group infiltrated Israeli spy, military networks



By Maryam Qarehgozlou

In recent months, a series of cyberattacks carried out by Handala, a group of pro-Palestinian hacktivists, have targeted Israeli regime facilities, resulting in the leak of sensitive military data, diplomatic communications, and other classified information.

These high-level technological breaches, according to cyber experts, have disrupted regular operations and complicated the cybersecurity landscape for the Zionist regime.

In its most recent operation, the Handala Hack Team on Sunday announced that they hacked Silicom, describing it as “the biggest and most feared cover company of Unit 8200.”

The notorious Unit 8200 is an Israeli intelligence outfit responsible for electronic espionage, signal intelligence, code decryption, and cyber warfare, among other clandestine operations.

The unit plays a crucial role in Israel’s military intelligence apparatus and works in concert with the regime's spy agency Mossad, which is notorious for covert terror operations abroad.

Handala said its operation that targeted Silicom was a retaliatory act in response to the martyrdom of Hamas leader Yahya Sinwar, who was assassinated by the Israeli regime on October 16.

“In all the assassinations and crimes of recent months, the 8200 unit has always played a very active role in them! The crimes of this unit are not hidden from anyone! But its members must realize today that they will no longer be safe!” the group wrote on Telegram.

According to the hacking network, Silicom is “the largest” cover company created by Unit 8200 “to remain hidden and undetected.”

“This company is responsible for the design and implementation of all electronic spying stations of Unit 8200 and Mossad in the occupied territories and all over the world!” it noted.

Source: Handala Telegram 

Handala claimed that all key members and senior managers of Silicom are high-ranking secret officers of Unit 8200 and promised to reveal the identities of these individuals in the near future.

In videos published on Telegram, Handala showed what it described as Unit 8200's security management panel and said it had obtained some 40 terabytes of “top secret data” from the servers, including all emails, correspondence, administrative and financial documents, research and development documents, calls, etc.

“As you can see in videos, we were present inside the management security panel of your most secure cyber unit! Do you have such a claim of the nation of startups? Your most secure servers were in our hands," it stated, addressing the Israeli military and intelligence apparatus.

Handala also reported that after months of being in the “completely isolated” network of this cover company, they have wiped all 40TB of its data, including the backup files of the servers.

“Now your data is not even in your hands! Only Handala! You just saw a small part of our cyber power! Your most secure servers have always been available to us! 8200 members should be afraid of their own shadow!” it warned.

Handala said it would begin to leak the documents soon. “For Sinwar,” it concluded.

On Tuesday, the cyber group announced its second successful attack on Silicom.

In the second wave of attacks, Handala erased all data from 300 computers within the Israeli company to demonstrate its advanced cyber capabilities.

On Thursday, Handala said on Telegram that 96 hours after the breach of Silicom, and despite senior Unit 8200 cybersecurity experts being present at the company around the clock, they had not been able to recover the data.

“All the company's offices and production lines are closed! We suggest Handala experts come to solve the problem!” it said, taking a swipe at the regime authorities and their inefficacy.

According to Handala, Silicom's offices in the occupied territories, the United States and Denmark were closed due to Handala's cyber attack.

Source: Handala Telegram 

Mossad blockchain network hacked

On Thursday, the group announced that it had hacked a Mossad financing and money-laundering network known as the SSV Blockchain Network.

According to Handala, Mossad had been transferring money to its vast network of spies across the West Asia region through a special protocol in the blockchain.

Source: Handala Telegram 

According to the group, Mossad was so confident in the impenetrability of this protocol that it offered a $1 million bug bounty to any hacker capable of breaching the infrastructure.

But after four months of round-the-clock work by dozens of Handala hackers, the group said, they were able to break into the blockchain and dump all 8 TB of its “highly sensitive” information.

The information, it said, includes all financial documents, contracts, administrative documents, logs of all transactions, operators, clusters and nodes, the entire project source code, emails, recordings of meetings and calls, etc.

“We have now leaked 1TB of information of this protocol worth more than one million dollars as PoC to prove to everyone that we should not play with fire!” Handala said.

Source: Handala Telegram 

Handala’s other targets

The hacking group has engaged in a series of other cyberattacks as well, defacing numerous websites and compromising the accounts of several high-profile Israeli regime politicians.

Among those targeted were former Chief of Staff and minister of foreign affairs Gabi Ashkenazi, former war cabinet minister Benny Gantz, former prime minister Ehud Barak, and former senior officer in Mossad and Israel’s ambassador to Germany Ron Prosor.

In mid-April, Handala hacktivists successfully infiltrated the Israeli military's radar systems and took down the much-hyped Israeli air defense system, the Iron Dome.

The group substantiated its claims by sharing screenshots documenting the hacking of the radars.

DRS RADA compromised data announcement.

This multifaceted cyberattack also targeted Rada Electronics, a military technology company allied with the Israeli army, resulting in a breach that was corroborated by leaked dashboard images.

Handala’s operation further extended to psychological warfare, as hackers disseminated 500,000 text messages to Israeli settlers, cautioning them about an imminent attack.

“You only have a few hours to repair your radar systems! We started the game! We suggest you run away now…,” read the message.

In another major breach in June, Handala claimed responsibility for hacking Zerto, an Israeli-founded company whose disaster recovery and data protection software is used by businesses and the military.

The hackers said they had exfiltrated a staggering 51 terabytes of data, exposing sensitive information that was fundamental to Zerto’s day-to-day operations.

Handala hacked Zerto, an Israeli-founded disaster recovery and data protection software firm.

In late September, following the assassination of Hezbollah leader Sayed Hassan Nasrallah in an Israeli airstrike in Beirut, Handala executed a targeted cyberattack on the Soreq Nuclear Research Center (NRC) – an important nuclear facility in the occupied Palestinian territories.

The group said it had acquired comprehensive data, including emails, infrastructure maps, personnel details, and administrative documents.

In an official statement, the Israeli Prime Minister’s office acknowledged an incident at Soreq but refrained from disclosing specific details, since the regime's nuclear activities are shrouded in secrecy.

Speaking on behalf of the Israel Atomic Energy Commission, the statement said, “The incident is known and under investigation. The Soreq Nuclear Research Center maintains the highest level of information security protocols, in line with national security regulations.”

However, according to security experts, the breach severely jeopardized Israel’s nuclear capabilities and is expected to have far-reaching implications for the regime.

In early October, Handala said it had breached Shin Bet’s much-guarded military system, compromising a mobile security application used exclusively by the agency's officers.

Compromised Internal Interface PoC

Israeli Vidisco, IIB, and Lebanon’s pager attacks

One of Handala’s most significant hacking feats, the group said, occurred on September 19 when it discovered a backdoor in widely used Vidisco X-ray security scanners, which it claimed had enabled the explosives used in the pager attacks in Lebanon on September 17 and 18 to go undetected.

“Vidisco company is an affiliated company of Unit 8200 and today more than 84% of airports and seaports in the world use X-rays produced by this company in their security unit, which actually has a dedicated backdoor for Unit 8200 and the Zionist regime,” Handala said in a statement.

It asserted that Vidisco is able to exempt any shipment it deems necessary from inspection in the countries using these devices, thereby preventing the detection of sabotage attempts.

The hacker group further stated that it had compromised Israel Industrial Batteries (IIB), a company affiliated with the Israeli ministry of military affairs.

It said that IIB had contaminated the batteries of Hezbollah’s electronic devices with explosives.

“Handala has succeeded in hacking Vidisco and IIB and their 14TB data will be leaked!” it warned.

Handala defacement campaign post example

Shattered invincibility myth

In a futile effort to project an image of strength and invincibility, the Israeli regime remains tight-lipped and secretive regarding cyberattacks conducted by pro-Palestinian groups, including Handala.

Israeli authorities refuse to comment on the extent or impact of such attacks targeting their critical infrastructure, in line with the policy of not disclosing information about their military casualties.

According to cyber and security experts, this silence is an attempt to prevent widespread public awareness of these attacks, minimize embarrassment for the occupying regime, and conceal the extent to which pro-Palestinian groups have successfully penetrated Israeli digital systems.

Nonetheless, the US-based cybersecurity magazine The Cyber Express said in a report on October 1 that while Handala’s efforts have gone largely “unnoticed” and “uncorroborated,” the group’s websites, social media, and Telegram accounts have been repeatedly and quickly taken down, “suggesting significant interest in limiting the group’s reach.”

Handala has been removed from Telegram on at least five separate occasions in recent months.

Cybersecurity companies like Constella have also taken notice of the hacks carried out by Handala in recent months, confirming some of the hacker group’s significant breaches.

Cybersecurity researcher Kevin Beaumont confirmed in a blog post in September that “at least some of Handala’s prior claims may be true.”

“I have confirmed with sources that the hack of Vidisco is real. They have a significant cybersecurity incident running, which includes data exfiltration,” he wrote in a post on September 23.

A threat of leaking data sized 2TB

Who is ‘Handala’ and what does it represent?

The hacker group draws its inspiration from the iconic figure 'Handala' created in 1969 by Palestinian political cartoonist Naji al-Ali, who produced nearly fourteen thousand drawings.

Handala is a ten-year-old boy who, from 1973 onward, turned his back to the viewer and clasped his hands behind his back.

The iconic figure Handala was created in 1969 by Palestinian political cartoonist Naji al-Ali.

The name Handala comes from the Arabic name of a plant native to the region, Citrullus colocynthis (colocynth), known for its deep roots and bitter-tasting fruit.

Even when cut, the plant demonstrates remarkable resilience by growing back.

Handala symbolizes defiance against imposed solutions and solidarity with the oppressed Palestinian population who yearn to return to their homes and liberate their lands.

The character is deeply personal to its creator, al-Ali, who was forced to flee his Palestinian hometown in 1948 following the Israeli occupation when he was just ten years old.

Since al-Ali’s tragic assassination in 1987, Handala has remained as a powerful emblem of Palestinian identity, prominently displayed across the West Bank, Gaza, and Palestinian refugee camps.
