
The Handala Hack Team claims to have leaked more than 100,000 personal emails of long-time Israeli intelligence leader and ex-Mossad research director Sima Shine – as pro-Iranian threat actors continue attacks on the Middle East’s favorite enemy nation, Israel.
- Handala claims it leaked 100,000 personal emails tied to an ex-Mossad research head, and other intel officials in latest attack tear.
- Handala claims wiping 12 petabytes of data from Stryker networks, providing fresh samples of the attack in new blog post.
- Researchers link Handala to a broader Iran-linked threat network known for wipers and hack-and-leak attacks.
The hacktivist group posted about the alleged cyberattack on its leak site on Monday, along with a download link and eight sample files watermarked with the Handala logo.
Handala widens campaign
The declaration comes as Handala on Monday took to its victim blog to taunt US medical technology giant Stryker, which it allegedly hit with a massive wiper attack last week – now claiming to have wiped an “unprecedented” 12 petabytes of the company's internal data using Stryker’s own Microsoft software.
Accompanying the Stryker claim, the group also posted what appear to be 20 unique file samples as proof of the intrusion, many of them allegedly showing Handala's ability to access backups, security, and data protection systems, including for AWS, Azure, Rubrik Secure Vaults, plus files showing medical product schematics and product invoices.
Stryker, a Fortune 500 company, announced over the weekend that it had contained the attack on its Microsoft environment and is now in the process of restoring its systems, without revealing what data may have been impacted.
Meanwhile, the hacker collective also went after several other high-ranking Israeli intelligence and security officials, allegedly doxxing the identities of multiple Israeli senior Navy officers, as well as targeting the Hebrew University of Jerusalem over the weekend, according to the leak site.
The hacked Israeli intelligence figures include Laura Gilinski, who Handala claims is a former Deputy Head of Planning & Strategy at Mossad and current Deputy Director of the Institute for National Security Studies (INSS), an organization affiliated with Tel Aviv University (TAU).
Also claimed are 34-year IDF veteran Major General (Res) Tamir Hayman, former Head of Military Intelligence and current managing director of the INSS, and Raz Zimmt, Director of the Iran and the Shiite Axis research program, also at the INSS, and a TAU research fellow at the Alliance Center for Iranian Studies.
What the samples show
Calling the 100,000 emails “a priceless treasure trove, a living testament to the depth of crisis, defeat, and desperation within Mossad and its leadership,” the group claims their handiwork is sending “shockwaves through the Israeli intelligence apparatus.”
“The personal email of Sima Shine….has been hacked… over 100,000 of her ultra-classified emails are available for anyone to download!” Handala wrote in a lengthy blog post on Monday.
“If this agency was truly the monstrous force it claimed to be, how could the personal email of the mastermind behind every anti-Islamic and anti-Shia plot be breached so effortlessly?” the group wrote, referring to Israel’s elite tactical spy unit, the Mossad.
Labeling Shine an “enigmatic woman,” the group blamed the former research head for pretty much “any tragic event, explosion, or turmoil in the Islamic world.”
The eight samples, as seen by Cybernews, start off with what appears to be a copy of Shine’s official Israeli passport.
Other documents, dated from 2018 through 2024, purportedly show highly classified email correspondence between Shine and other high-ranking officials, as well as confidential reports of the state of Middle East affairs.
The emails discuss a variety of sensitive topics, from the current state of nuclear programs in the region, notably mentioning Iran, to an upcoming Middle East US Summit (MEAD), to Syria’s Electricity Ministry, even citing US intelligence warnings.
Who is Handala?
Researchers say Handala emerged as a public-facing persona in late 2023, although the operators behind the group may be tied to a much older Iran-linked threat cluster, specifically operators known as Void Manticore or Banished Kitten.
Handala has been championing the Palestinian cause since before the onset of Operation Epic Fury, carrying out several notable attacks after the war against Hamas in Gaza began following the October 7th attacks on Israel.
According to the Iran-Israel Live Cyber Attack dashboard by SOCRadar, Handala Hack “is a destructive threat actor combining wiper attacks with hack-and-leak operations for maximum psychological impact.”
Backed by the Islamic Republic’s Ministry of Intelligence and Security (MOIS), the state-aligned group commonly targets the medtech, education, finance, and government sectors, SOCRadar states.
As for who is in charge of Handala’s operations, interestingly, SOCRadar noted Monday that Handala's MOIS handler had been killed in the conflict’s opening strikes.
“Check Point’s Void Manticore report confirmed that Panjaki, the MOIS deputy assessed to have directed Handala, Karma, and Homeland Justice operations, was killed on March 2nd. Handala's continued operational tempo raises the question of whether current operations are pre-planned or running under a new handler,” the threat researchers said.
Last week, Handala also claimed to have hacked US electronic payments processing giant Verifone and boasted about disclosing the personal information of 50 senior Israeli Air Force officers.
In a statement sent to Cybernews, Verifone denied there had been any breach of its systems.
Last July, the group targeted several London journalists working for Iran’s only independent media outlet, Iran International, and more recently, carried out attacks on Israeli diplomatic ally Jordan, further threatening retaliatory attacks on other Middle East countries over perceived involvement in the Iranian conflict.