What ceasefire? Iranian hacking group Handala leaks data of thousands of US Marines


Stryker devices wiped, the email of the FBI boss Kash Patel breached, and now, personal details of thousands of US Marines leaked. The Iranian hacking group Handala clearly doesn’t care about any ceasefire between the US and Iran, as fragile as the agreement is.

Last week, US Marines stationed around the Persian Gulf began receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes.

One of the messages, for instance, reads: “Your identities are fully known to our missile units, and every move you make is under our surveillance. Very soon, you will be targeted by our Shahed drones and Kheibar and Ghadeer missiles. We suggest you call your families now and say your final goodbyes.”

This flurry of threats came from Handala, the Iranian hacking group that calls them “rapid signal alerts.”

And that wasn’t all: a day later, the group announced on Telegram and the dark web that it had leaked the names and phone numbers of 2,379 US Marines stationed in the region.

Already this week, Handala also posted a list of 400 senior US Navy officers who had allegedly just departed from one of the military bases to join the blockade of Iranian ports.

Fresh claims by Handala. Image by Cybernews.

“This is more than a warning – this is proof that our eyes remain wide open and ever vigilant in the heart of your fleet. The shadows of the Resistance are monitoring your every move. No vessel, no base, and no route is hidden from us,” Handala said on its dark web page.

The data looks genuine and includes lists of people who are indeed members of the US Navy, even though Handala’s claims can’t be taken completely at face value.

It’s definitely possible that what Handala has posted about the US troops may have been scraped from data brokers and social media rather than having been gathered recently from allegedly secure systems.

Still, Handala, widely believed to be a front for Iran’s Ministry of Intelligence, or MOIS, is clearly a nuisance for the Americans.

Even by pretending to be tearing through targets of all sizes, the group is scaring and destabilizing members of the US armed forces. If you’re a Marine and you receive a WhatsApp message threatening you and your family, you don’t care where the data’s coming from.

Lee Sult, chief investigator at cybersecurity firm Binalyze, has been tracking Handala closely and says that, whilst physical conflict could pause or even stop, Iran’s cyber forces will clearly remain active and target Western organizations they see as enemies.

According to Sult, Handala has shown itself to have a varied arsenal. The Stryker attack was “textbook disruption,” the aim of which was to paralyze US operations.

“But the group has also proven itself adept in the psychological dimension of cyber warfare. Hacking the head of the FBI, publishing details of thousands of US marines, and even claiming a coordinated strike with the IRGC on a UAE port aren’t just hacks,” the analyst added.

“They make a statement that they’ll target anyone and everyone perceived as an enemy of Iran.”

Sult describes Handala as “objectively active, opportunistic, and growing in confidence, mixing destruction, leaks, intimidation, and psychological warfare.”

Yes, the group’s claims vary in legitimacy, but security professionals are impressed with the sheer pace of activity.

“Iran’s regime has pitted itself against the US militarily, and Iran’s conventional military is effectively out of the fight. But what Iran still has, and what it has been most effective at, is cyber,” explains Sult.

“Even when ceasefires are declared, and deals are made, groups like Handala should still be considered an active threat and a warfighting asset of the Iranian regime.”

