Handala Hackers Allegedly Breach Israeli Police, Exposing 350,000 Files

The notorious Handala hacking group, believed to be linked to Iranian intelligence, has taken responsibility for a significant cyber breach targeting the Israeli police force. They reportedly exfiltrated approximately 2.1 terabytes of sensitive information that includes personnel files, weapons inventories, medical assessments, psychological evaluations, legal case documentation, weapon permits, and identity cards. Handala has further claimed to have made 350,000 of these documents publicly available.

The breadth of the alleged data compromise is alarming, covering a wide range of sensitive information. Reports indicate that the compromised data comprises email addresses, firearms licenses, photographs of officers, personal contact information, classified documents, and identification details regarding suspects and convicted criminals, including specific information about sex offender employment permits.

In addition, Handala alleges that it gained access to the personal records of police officers, including private psychological assessments and various other confidential data, and that it breached servers belonging to the Israeli Ministry of National Security.

Despite these assertions, the Israeli police have denied any direct breach of their systems. Their official response indicates that, if a breach did occur, it likely involved third-party vendors who handle data for the police. An investigation is currently in progress to determine the full scope of the alleged incident and to identify potential vulnerabilities that may have been exploited.

This incident appears to be part of a wider pattern of cyber disruptions orchestrated by Handala against Israeli targets, particularly in the wake of heightened tensions following the Israeli-Hamas conflict. Microsoft observes that Israel has increasingly become a focal point for Iranian cyber operations, witnessing a substantial rise in attacks. Handala’s activities are emblematic of this trend, characterized by a string of escalated data breaches targeting various Israeli institutions.

In a notable incident in October 2024, Hackread.com reported on Handala’s involvement in a phishing scheme aimed at cybersecurity personnel in Israeli organizations, utilizing wiper malware to disrupt the country’s digital defenses. Furthermore, in September 2024, the group targeted the Soreq Nuclear Research Center (SNRC) in a consequential ransomware attack.

Handala has also attacked critical Israeli systems, including recent intrusions into the Elad Municipality and the Ramat Gan Academic College. One particularly disruptive event occurred on January 27, 2025, when the group compromised an emergency alert system operated by Maagar-Tec, causing fictitious terror alerts and panic in at least 20 kindergartens across Israel.

In a post on BreachForums dated February 9, 2025, Handala not only claimed responsibility for this recent incursion but also taunted Israeli authorities, highlighting the group's success in breaching defenses while accusing the authorities of arrogance and deception.

“Handala does not forget. Handala does not forgive,” warned the group, underscoring their determination to continue their cyber campaign.

