Pro-Palestinian Hacking Group Launches Cyber Assaults Against Israeli Organizations
Over the weekend, a pro-Palestinian hacking collective known as Handala claimed responsibility for a series of cyber attacks targeting various Israeli organizations. This move appears to be a direct response to the recent Israeli strikes on Iranian nuclear facilities.
Who is Handala?
Handala, named after a symbol of Palestinian resistance, has resurfaced after its last known activities in February 2025. Since June 14, the group has been documenting its attacks on a darknet leak site, displaying a renewed commitment to its anti-Israel agenda. Predominantly, the group focuses on Israeli entities or those connected to the Israeli military, employing a variety of sophisticated hacking techniques traditionally associated with cyber warfare.
Recent Target: Delek Group
One of the initial victims in Handala’s latest offensive was the Delek Group, a major player in the petroleum sector in Israel. The hackers assert that they have unlawfully accessed and stolen over two terabytes of sensitive data. In a statement released on June 14, Handala warned, “Your fuel systems are exposed, and so are your secrets. Over two terabytes of classified data are no longer in your hands.” This brazen communication was intended to incite panic among the organization and its stakeholders.
Delek, along with its subsidiary, the Israel Fuel Corporation—one of the country’s largest service station chains—faces significant repercussions as a result of this breach, which Handala claims compromises their ability to operate efficiently.
Expanding the Attack
On the same day, Handala publicly announced other companies they had allegedly compromised, including AeroDreams, a drone manufacturer with reported ties to the Israeli Air Force. Handala asserted that AeroDreams is a "silent front" for covert military operations. “What they thought was untouchable… has already been breached,” the hackers claimed, insisting that they had obtained 400 gigabytes of internal data from the firm.
Additionally, Handala targeted Y.G. New Idan, which they describe as a covert arm of Israel’s Ministry of War responsible for military base construction. The group asserted that they stole 339 gigabytes of data from this entity, promising forthcoming leaks showcasing their findings.
Another significant victim was 099 Primo Telecommunications. Handala claims to have infiltrated the company’s network and dispatched over 150,000 emails to its customers, warning them of an impending missile attack. The dramatic emails stated, “You ignored every warning. The fire you sparked is coming for you,” framing the threats in the context of existing regional tensions.
The Document Leak
On June 15, Handala escalated its efforts further by publishing what it claimed to be 300,000 classified documents on their leak site. These documents reportedly detail collaborations between the Delek Group and the Israeli military, including fuel supply contracts and updates to internal databases. However, upon examination, only 12 archived files amounting to roughly four gigabytes have been published. Cyber Daily has been unable to verify the authenticity of these documents and is actively seeking comments from the Delek Group.
Motivations and Methods
While Handala’s tactics appear similar to those of ransomware groups, their motivations lie entirely in political activism rather than financial gain. The group has garnered attention for its ability to create disruptions rather than demanding ransom. Various reports suggest that they have links to Iran’s Ministry of Intelligence, with traffic traced back to Iranian IP addresses.
Handala’s history of attacks includes a renowned incident in January 2025 when they accessed public address systems in Israeli kindergartens to issue red alert warnings. This breach was verified by Israel’s National Cyber Directorate and demonstrates the group’s strategy of exploiting public panic as a means of furthering their cause.
In summary, Handala’s recent surge of cyber attacks against Israeli entities reflects a broader geopolitical conflict, with its activities blurring the lines between hacktivism and state-sponsored cyber warfare. The claims made by the group raise significant concerns about the vulnerabilities within critical infrastructure and the ongoing tensions in the region.
