Days after the FBI seized four websites tied to Handala, an Iranian hacking group masquerading as a hacktivist organization, the gang has demonstrated it’s alive and kicking, leaking sensitive data of Lockheed Martin engineers allegedly working on military projects in Israel.
In what is clearly a targeted doxxing mission, the Handala group has exposed the personal identities and locations of Lockheed Martin – a major American aerospace and defense corporation – engineers, supposedly working in Israel, a country currently at war with Iran.
The group has leaked names, ID numbers, passport details, places of residence, and service bases of 28 Lockheed Martin engineers.
According to Handala, these Lockheed Martin employees have been working on Israeli military projects, including the maintenance of F-35 and F-22 fighter jets and the THAAD defense system.
Threats to engineers and their families
The group has also shared a screenshot of a message allegedly sent to one of the engineers. The message claims: “Your credentials as a Senior Engineer at Lockheed Martin have just been broadcast on Iranian television.”
Indeed, the Iranian media outlets have been gleefully reporting both the breach and Handala’s ultimatum: the doxxed Lockheed Martin engineers have to leave Israel within 48 hours. Otherwise, even more information would be disclosed.
“In recent hours, we have established contact with some of them to demonstrate just how fragile digital barriers can be. From conversations about their daily interests to ordinary details of their lives, all was done to show that ‘privacy’ is merely a word in a book, not a reality,” claims Handala.
“We called them and told them where they live, the names of their children, their favorite foods, their weekend activities, and the locations of their families’ residences in the United States.”
In that same post on the dark web, the group threatens that the engineers’ homes “would become missile targets.” It’s unlikely Iran would be capable of targeting private houses far away in the US.
However, Handala also claims to have friends in the US who would “visit” the engineers’ families unless they returned home from Israel.
According to Cybernews researchers, the data looks genuine and includes lists of people who work for Lockheed Martin in Israel. Names on the leaked passport pages correspond to real individuals working for the company.
Cover for Iranian intelligence?
Moreover, it’s apparently not even the first stage of the so-called “Operation Lockheed Martin.”
A few days ago, another pro-Iranian threat actor, tracked as APT Iran, said it stole 375TB of data from Lockheed Martin. The group claimed the stolen information includes sensitive corporate documents and technical blueprints for the F-35 fighter jet. This is unconfirmed.
Last week, the FBI seized four websites tied to Handala after the group’s cyberattack on medical technology giant Stryker disrupted hospital operations in the US.
Handala is just one of dozens of pro-Iranian hacker collectives that have mobilized following the February 28th US-Israeli strikes on Iran, with security researchers warning that more attacks could follow.
Multiple investigations, including this one by Wired, have shown that hacktivism is essentially a cover for retaliatory state-sponsored cyberattacks. Experts say Handala is a front for Iran’s Ministry of Intelligence, or MOIS.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked