=== 2023 ===
Handala first created accounts on Telegram and X on 18 December 2023, weeks after the 7 October attacks. The group first proclaimed itself a "small fighter" of Hamas, before shifting towards broader anti-Israeli messaging. It was behind HamsaUpdate, a wiper malware campaign targeting Israeli citizens using both Microsoft Windows and Linux systems. The campaign sent emails to its victims, attempting to convince them to download the malware onto their computers. It provoked a warning from Israel's National Cyber Directorate on 19 December.
=== 2024 ===
In April, Handala claimed that it hacked Iron Dome and radar systems and sent 500,000 texts to Israelis. On 15 June, the group conducted a ransomware attack on kibbutz Ma'agan Michael, seizing 22 gigabytes of data and sending 5,000 false SMS warning messages. That same month, the group hacked into Vidisco, claiming it had discovered a "backdoor" in security scanners that enabled the explosives used in Israel's pager attack in Lebanon to pass unnoticed. On 30 September, Handala said that it seized 197 gigabytes of data from the Soreq Nuclear Research Center in response to the killing of Hezbollah leader Hassan Nasrallah. The group had targeted Sheba Medical Center three months prior, seizing data from a biotechnology corporation.

On 3 October, Handala hacked into the Shin Bet's security system, stealing confidential information from around 30,000 officers. On 6 October, it leaked 300 GB of confidential information from Israeli Industrial Batteries, which provides services to Israel's military. On 8 October, Handala leaked 1.5 TB of data from Max Shop, a service used by over 9,000 Israeli stores, leaking financial transactions and customer data. On 28 October, it conducted a cyberattack on Israeli cybersecurity provider AGAS, compromising 74 of its servers. On 24 November, the group claimed that it seized documents containing the names of hundreds of Mossad operatives in response to the killing of Hamas leader Yahya Sinwar.
=== 2025 ===
On 27 January 2025, Handala targeted Maager-Tec public address systems of at least 20 kindergartens in Israel, playing Arabic messages, anti-Israeli songs, and rocket sirens. In May, Ehud Barak's email inbox was published by Distributed Denial of Secrets after being leaked by Handala, revealing an invitation to Barak by Jeffrey Epstein to a dinner with Peter Thiel in May 2014. Barak said he could not make it, although Epstein insisted on Barak meeting Thiel and offered to set up another meeting the next month.

On 8 July, the group said that it accessed server infrastructure belonging to Iran International, and released photos of government IDs and other personal information belonging to five of its staff. The following day, it claimed that it received information on thousands of people linked to the outlet, and later published the personal details of several journalists on Facebook.

In November, it was reported that Handala obtained and leaked emails exchanged from the 2000s to 2018 between Palantir co-founder Peter Thiel and top Israeli officials, such as Ehud Barak and Benny Gantz, who expressed interest in gaining access to his company. On 29 November, the group said it left a bouquet of flowers inside the car of a senior Israeli nuclear scientist, and also published personal information belonging to alleged Unit 8200 members.

On 16 December, the group claimed it released details on 13 designers of defense systems such as the Arrow and David's Sling, and offered a $30,000 bounty for more information on the Israeli military industry. On 18 December, Handala said that it hacked the phone of former Israeli prime minister Naftali Bennett, publishing his chat messages and a 141-page list of his contacts. Bennett said that only his Telegram account was breached. On 28 December, the group said that it hacked into the iPhone of prime minister Benjamin Netanyahu's chief of staff, Tzachi Braverman, as part of its "Bibi Gate" operation. The group threatened to release files from the phone, including phone numbers linked to senior officials, but a breach was denied by the Prime Minister's Office.
=== 2026 ===
On 3 January, Handala published 60 photos and videos from Ayelet Shaked's phone. On 8 January, it claimed that it had surveilled a senior Mossad operative behind covert operations in Iran, and released videos allegedly shot outside their home. On 25 February, the group said that it hacked into Clalit Health Services and released medical information from over 10,000 patients.
==== Iran war ====
On 3 March, Handala placed a $250,000 bounty on the beheadings of Iranian-Canadian activist Goldie Ghamari and Iranian-American lawyer Elica Le Bon, claiming it had leaked their home addresses to the Jalisco New Generation Cartel.

On 11 March, Handala claimed a cyberattack against the Michigan-based medical technology manufacturer Stryker Corporation, which serves 150 million patients. The attack affected devices that were connected to Microsoft Windows, disrupting much of the company's global operations, such as order processing, manufacturing, and shipping, and forcing tens of thousands of employees to be sent home. The company said on 26 March that it had largely recovered from the cyberattack. Handala said that it destroyed over 200,000 of Stryker's systems and devices across 79 countries in response to the Minab school attack that reportedly killed at least 170 people. It was reported to have been the most severe Iranian wartime cyberattack against the US in history.

On 19 March, the Federal Bureau of Investigation (FBI) took down Handala's website, which was used to document its activities. A backup website and two others linked to Iran's cyber operations were also shut down. Handala's X account was also banned. The following day, Handala restored its website. On 27 March, Handala said that it hacked the personal email of FBI director Kash Patel, publishing more than 300 emails, as well as his photos and alleged resume. Most of the emails released by the group were dated before 2019, before Patel was appointed director of the FBI. Following the hack, the Rewards for Justice Program offered up to $10 million in exchange for the identification of the Handala group.

On 1 April, Handala claimed that it seized 2 TB of data, including information about county employees, police reports, and death certificates, after hacking computer systems in St. Joseph County, Indiana. Local officials confirmed a hack occurred, but said that only third-party faxing systems were affected and no sensitive data was released. On 9 April, the group said that it hacked the devices of former IDF chief of staff Herzi Halevi and released over 19,000 documents. Among the files released were photos and videos from previously unknown meetings with Jordanian army chief Yousef Huneiti in Jordan and US CENTCOM commander Michael Kurilla in Qatar, as well as personal photos and IDs.

== See also ==