Handala's latest is a dump allegedly of Ron Prosor's emails, who they originally mentioned 8 days ago.
-
Handala are one year old today. They are billing next week “destructive week”. #Handala #threatintel
Masoumeh Karbasi & Reza Avazeh were killed in a drone strike in Lebanon in October. As far as I can see nobody knew why publicly, Handala’s linking Reza to Hezbollah and their cybersecurity appears to be a first.
His children were invited to meet ‘Supreme Leader of the Islamic Revolution’ that week. https://farsi.khamenei.ir/news-content?id=58050
-
Masoumeh Karbasi & Reza Avazeh were killed in a drone strike in Lebanon in October. As far as I can see nobody knew why publicly, Handala’s linking Reza to Hezbollah and their cybersecurity appears to be a first.
His children were invited to meet ‘Supreme Leader of the Islamic Revolution’ that week. https://farsi.khamenei.ir/news-content?id=58050
Handala say they plan their most destructive hack so far this weekend, over the fate of Reza Avazeh
There’s even a video, but sadly no hoodie wearing hackers
-
Handala say they plan their most destructive hack so far this weekend, over the fate of Reza Avazeh
There’s even a video, but sadly no hoodie wearing hackers
Handala claim to have gained access to
CaaB Cloud (https://caab.cloud), aka Cloud as a Business, posting a video of administrator access. CAAB Cloud describe themselves as “The MSP’s Cloud” in marketing.CAAB Cloud is owned and operated by GNS in Israel, aka https://gns.cloud
It is unclear if the claims are credible. CaaB’s status page suggest a ~10% availability impact in one of their Israeli datacenters three days ago on cloud VM. https://status.caab.cloud
-
Handala claim to have gained access to
CaaB Cloud (https://caab.cloud), aka Cloud as a Business, posting a video of administrator access. CAAB Cloud describe themselves as “The MSP’s Cloud” in marketing.CAAB Cloud is owned and operated by GNS in Israel, aka https://gns.cloud
It is unclear if the claims are credible. CaaB’s status page suggest a ~10% availability impact in one of their Israeli datacenters three days ago on cloud VM. https://status.caab.cloud
Handala suggests they got access to Ehud Barak’s iPad using a BYOD management profile. #Handala #threatintel
-
Handala suggests they got access to Ehud Barak’s iPad using a BYOD management profile. #Handala #threatintel
A bit on the nose writing
#Handala #threatintel
-
A bit on the nose writing
#Handala #threatintelHandala have gained access to Reutone, a SaaS CRM supplier, and forward phished customers with a Trojan. Write up later. #Handala #threatintel
-
Handala have gained access to Reutone, a SaaS CRM supplier, and forward phished customers with a Trojan. Write up later. #Handala #threatintel
I wrote up the Handala attack on ReutOne, includes the first IoCs on Handala's python trojan
-
I wrote up the Handala attack on ReutOne, includes the first IoCs on Handala's python trojan
Handala has also defaced ReutOne’s website, and published videos of RDP access to ReutOne’s internal network, eg Active Directory Certificate Authority etc. https://web.archive.org/web/20241226141650/https://www.reutone.com/
-
Handala has also defaced ReutOne’s website, and published videos of RDP access to ReutOne’s internal network, eg Active Directory Certificate Authority etc. https://web.archive.org/web/20241226141650/https://www.reutone.com/
Handala claim they hacked Allen Carr's Easyway via ReutOne.
Two points:
a) I legit thought they had hacked UK national treasure Alan Carr for a moment
2) "reportedly", lol. ChatGPT doing overtime for Handala.
-
Handala claim they hacked Allen Carr's Easyway via ReutOne.
Two points:
a) I legit thought they had hacked UK national treasure Alan Carr for a moment
2) "reportedly", lol. ChatGPT doing overtime for Handala.
The '100K messages sent' thing is a reference to Handala abusing WhatsApp Business accounts, my English translation of message they've been sending.
-
The '100K messages sent' thing is a reference to Handala abusing WhatsApp Business accounts, my English translation of message they've been sending.
Handala claim they will be wiping Mossad’s financial network today. Also, they appear to have purchased ChatGPT premium.
-
Handala claim they will be wiping Mossad’s financial network today. Also, they appear to have purchased ChatGPT premium.
One note, they fully respected the dates of the ceasefire last time but apparently aren’t bothered this time? #handala #threatintel
Edit: derp, it was Cyber Toufan who respected the ceasefire, not Handala.
-
One note, they fully respected the dates of the ceasefire last time but apparently aren’t bothered this time? #handala #threatintel
Edit: derp, it was Cyber Toufan who respected the ceasefire, not Handala.
Handala claim to have done a hack and wipe of Zuk Group, an Israel group of financial companies. Their website has been defaced as of writing.
Handala posted a series of videos appearing to show access to their internal network.
Handala also claim the company is a front for Mossad. They offer no evidence of that bit.
-
Handala claim to have done a hack and wipe of Zuk Group, an Israel group of financial companies. Their website has been defaced as of writing.
Handala posted a series of videos appearing to show access to their internal network.
Handala also claim the company is a front for Mossad. They offer no evidence of that bit.
Handala got booted off Telegram after the Zuk Group hack.
They’re back on another channel and posted:
“وَ كَمْ قَصَمْنا مِنْ قَرْيَةٍ كانَتْ ظالِمَةً ... بَلْ نَقْذِفُ بِالْحَقِّ عَلَى الْباطِلِ فَيَدْمَغُهُ فَإِذا هُوَ زاهِقٌ ...”
Which translates to
“How many a city have We destroyed which was unjust... Rather, We cast the truth upon falsehood, and it destroys it, and at once it departs...”
-
Handala got booted off Telegram after the Zuk Group hack.
They’re back on another channel and posted:
“وَ كَمْ قَصَمْنا مِنْ قَرْيَةٍ كانَتْ ظالِمَةً ... بَلْ نَقْذِفُ بِالْحَقِّ عَلَى الْباطِلِ فَيَدْمَغُهُ فَإِذا هُوَ زاهِقٌ ...”
Which translates to
“How many a city have We destroyed which was unjust... Rather, We cast the truth upon falsehood, and it destroys it, and at once it departs...”
Handala claim to have hacked the Ministry of National Security in Israel, activated red alert to get people into shelters, closed the doors, then played a song and wiped the system.
Very unclear how widespread or credible this is, although some Israeli social media posts show devices going off and playing songs.
-
Handala claim to have hacked the Ministry of National Security in Israel, activated red alert to get people into shelters, closed the doors, then played a song and wiped the system.
Very unclear how widespread or credible this is, although some Israeli social media posts show devices going off and playing songs.
They also claim they have hacked Israeli police pagers and are broadcasting song on them, claim to have taken security ID information and delivery certificates for weapons. #handala #threatintel
-
They also claim they have hacked Israeli police pagers and are broadcasting song on them, claim to have taken security ID information and delivery certificates for weapons. #handala #threatintel
There’s some coverage in Israeli media suggesting a focus on schools, with Israeli authorities acknowledging the incidents.
https://www.mivzaklive.co.il/archives/879473
מתקפת סייבר במוסדות חינוך: הודעות בערבית ואזעקות במערכות הכריזה
במערכות הכריזה הופעלו הודעות בערבית וכן התראות צבע אדום. קבוצת התקיפה האיראנית "Handala" קיבלה אחריות לאירוע.
ערוץ 7 (www.inn.co.il)
For the record Handala claims they sent 5million text messages at 8am this morning, UK time.
-
There’s some coverage in Israeli media suggesting a focus on schools, with Israeli authorities acknowledging the incidents.
https://www.mivzaklive.co.il/archives/879473
מתקפת סייבר במוסדות חינוך: הודעות בערבית ואזעקות במערכות הכריזה
במערכות הכריזה הופעלו הודעות בערבית וכן התראות צבע אדום. קבוצת התקיפה האיראנית "Handala" קיבלה אחריות לאירוע.
ערוץ 7 (www.inn.co.il)
For the record Handala claims they sent 5million text messages at 8am this morning, UK time.
Handala claim to have done a hack and wipe of Tosaf, a plastics manufacturer.
Screenshots show apparent Windows domain admin access, and they attach CCTV videos of themselves playing songs into a factory and an office, with workers looking confused.
-
Handala claim to have done a hack and wipe of Tosaf, a plastics manufacturer.
Screenshots show apparent Windows domain admin access, and they attach CCTV videos of themselves playing songs into a factory and an office, with workers looking confused.
Handala have been fully kicked off Telegram, including their backup channel.
Achievement unlocked as I can't remember a group ever getting fully booted.
-
Handala have been fully kicked off Telegram, including their backup channel.
Achievement unlocked as I can't remember a group ever getting fully booted.
Handala appear to have fully wiped a company called Stryker, a global healthcare company.
Not in the link but they've got into AD, and wiped all the devices with Intune etc etc.
Stryker cyber attack - Irish unable to work as hackers cripple global systems
All IT systems at Stryker, which employs 4,000 people in its Cork base, remain down.
Irish Mirror (www.irishmirror.ie)
