ICNA

Iranian Cyber News Agency

Continuation of Iran’s war on the cyber battlefield

Whilst the conflict between the US/Israel coalition and Iran continues, Iran’s regime has intensified its efforts in the cyber war. The hacking group Handala, which emerged shortly after the Hamas attacks on Israel on 7 October and previously claimed to have hacked the Iron Dome System, has emerged as one of the most active and successful Iranian hacking groups during this war. In this report, we detail the group’s latest activity.

Handala Hack timeline

6 March – Cyber attack on the Jewish community

Handala Hack claimed it stole 851 gigabytes of data from members of the Sanzer Hasidic Jewish community. On the same day, Handala posted the names and confidential data corresponding to individuals who Handala claimed worked for the Israeli Defense Forces (IDF).

9 March – Targeting of the IDF

Handala posted the names and sensitive PII of approximately 190 individuals associated with or employed by the IDF and Israeli government. In the group’s post, they stated that these individuals were being monitored, that their addresses were known and that consequences would follow.

11 March – Stryker Cyberattack

As mentioned in our previous article, the FBI seized 2 websites used by the Handala hacktivist group after the threat actors carried out an attack on the US medical technology giant Stryker that wiped data from approximately 80,000 devices. Stryker, one of the largest medical technology companies in the world, had a revenue of approximately $25.12 billion in 2025.

Handala used Microsoft’s Intune platform to carry out this attack. Handala stated this attack was in retaliation for the strikes on Iranian targets, including the girls’ school in Minab.

27 March – FBI hack

This may be the largest and most important hack by this group during the war so far. The Handala group claimed to have hacked the personal email of the current FBI Director, Kash Patel, and published a large amount of data including pictures, documents and videos. The FBI confirmed the attack, emphasised that no governmental data was exposed and, in response, removed Handala’s website.

31 March – Threat

In a post on its Telegram channel, the group stated that a city in the US was experiencing a widespread cyber disruption and that details would emerge soon. Later that day, Handala Hack posted an image of a letter they claimed to have sent to managers and employees of security and anti-terrorism departments of the USA and Europe. On their website, the group said “We will not rest until the truth is revealed and the blood of the innocent is avenged.”

31 March – IranWire Hack

Handala claimed to have hacked and taken control of IranWire, which they state is operated with the support and guidance of the CIA. They posted several videos showing the hack of both IranWire’s Instagram account and its website.

1 April – St Joseph County Hack

Handala Hack announced the hacking of the IT infrastructure of St Joseph County in the state of Indiana. Over 2 terabytes of sensitive information belonging to organizations such as the Prosecutor’s Office, Police and Health Centers were stolen. 12 terabytes of vital data was also wiped. Handala released over 2000 of these classified documents.

2 April – PSK WIND’s Defense Networks

Handala carried out a cyber attack on the networks of PSK WIND Technologies, the main designer and implementer of integrated command and control systems for Israel’s air defense. All sensitive data was extracted from their servers.

It is worth mentioning that the US Government’s Rewards for Justice program has now offered up to $10 million for information leading to the identification, arrest or location of Handala members.
