How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks

Since the United States and Israel archetypal unleashed a wide run of aerial strikes crossed Iran successful precocious February, the cybersecurity manufacture has warned that the country’s retaliatory measures would see punishing, disruptive cyberattacks against Western targets. Late Tuesday night, the archetypal of those attacks arrived successful the US: a devastating breach of the aesculapian exertion steadfast Stryker that has reportedly disabled arsenic galore arsenic tens of thousands of computers and paralyzed overmuch of the company’s planetary operations—all carried retired by an Iranian hacker radical that calls itself Handala.

“We denote to the satellite that, successful retaliation for the brutal onslaught connected the Minab schoolhouse and successful effect to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our large cyber cognition has been executed with implicit success,” work a connection posted to Handala’s website, referencing some the American Tomahawk rocket that killed astatine slightest 165 civilians astatine a girl’s schoolhouse successful Iran and galore hacking operations that the US and Israel person carried retired arsenic portion of the 2 countries’ assaults crossed Iran. “This is lone the opening of a caller epoch of cyber warfare.”

Even among American cybersecurity researchers who intimately way state-sponsored hacking groups, Handala—which takes its sanction from the well-known Handala quality successful the governmental cartoons of Palestinian creator Naji al-Ali—has until present hardly achieved overmuch notoriety. But those who person followed the group’s evolution, peculiarly successful Israel’s cybersecurity industry, accidental the radical is present wide believed to beryllium a beforehand for Iran’s Ministry of Intelligence, oregon MOIS. They’ve seen the hackers go the astir salient subordinate successful a question of Iranian authorities cyber operators who airs arsenic hacktivists portion seeking to inflict noisy, often politically motivated chaos connected adversaries. Handala, oregon the aforesaid radical operating nether earlier names, has launched data-destroying and hack-and-leak operations for years against targets ranging from the Albanian authorities to Israeli businesses and governmental officials.

Now, arsenic Iran’s authorities faces an existential threat, its hackers—and Handala successful particular—have apt been tasked with utilizing each instrumentality they’ve held successful reserve and each foothold they’ve softly gained wrong a Western web to combat backmost against the US and Israel, says Sergey Shykevich, who leads menace quality probe astatine at the Tel-Aviv-based cybersecurity steadfast Check Point. “They're each in,” Shykevich says. “They’re trying to bash immoderate they tin present to transportation retired destructive activity.”

Within that effort among Iranian state-sponsored hacking agencies to execute loud, publically disposable integer retribution, Handala has grown into “probably the astir ascendant group,” says Shykevich. “They are the main look now.”

Although hacking groups are prone to exaggerate oregon embellish their successes and the interaction of their activity, Handala has publically claimed much than a dozen, mostly Israeli, victims since the commencement of the warfare 2 weeks ago. The radical has “combined the noisy, chaotic playbook of a hacktivist radical with the destructive capabilities of a nation-state,” says Justin Moore, a menace quality researcher astatine information steadfast Palo Alto Networks’ Unit 42 group, calling Handala “a superior cyber-retaliatory limb for the Iranian regime.”

Despite the chaos it has unleashed, Handala’s strategical reasoning shouldn’t beryllium overestimated, says Rafe Pilling, manager of that quality astatine cybersecurity steadfast Sophos’ X-Ops group. Handala appears to beryllium attempting to summation entree to organizations rapidly and bash immoderate harm it tin successful the midst of US and Israeli aerial strikes that person reportedly deed parts of Iran’s cyber operations. “This doesn’t person the hallmarks of a plan,” Pilling says of Handala’s caller hacking campaign. “It’s apt the radical is presently thrashing for targets of accidental that they tin deed successful Israel oregon the US, to show that they are having immoderate benignant of retaliatory effect, but not from immoderate benignant of strategical perspective.”