DoublePulsar

Cybersecurity from the trenches, written by Kevin Beaumont. Opinions are of the author alone, not their employer.

Iran linked hacker group Handala Hack Team claim pager explosions linked to Israeli battery company

Kevin Beaumont
Published in DoublePulsar, 5 min read, Sep 19, 2024

Back in May, I started tracking Handala, a hacktivist-branded group expressing pro-Palestine views:

Handala is a prominent national symbol and personification of the Palestinian people.

Since May, the group has been attacking organisations in Israel, and has followed a pattern of wiping victims, exfiltrating data and posting publicly — much like Cyber Toufan, who I covered previously.

Their website and X account were both shut down prior to today, along with four different Telegram groups.

Today, Handala posted a statement on their Tor site, saying:

The facts of the last two days!

The operation of the last two days was a series of joint actions of the Mossad and Unit 8200 and a number of shell companies of the Zionist regime! Handala’s hackers, during extensive hacking in recent hours, were able to obtain very secret and confidential information from the operations of the past days, and all the documents will be published in the coming hours!

The summary of the operation is as follows:

* This supply chain attack has taken place by contaminating the batteries of Pagers devices with a special type of heat-sensitive explosive material in the country of origin of the producer!

* Batteries have been contaminated with these explosives by IIB ( Israeli Industrial Batteries ) company in Nahariya!

* Mossad was responsible for transporting contaminated batteries to the country of origin of the producer!

* Due to the sensitivity of explosives detection devices to these batteries and the need to move them in several countries, Mossad, in cooperation with vidisco shell company, has moved the mentioned shipments!

* Vidisco company is an affiliated company of 8200 unit and today more than 84% of airports and seaports in the world use X-rays produced by this company in their security unit, which actually has a dedicated backdoor of 8200 unit and the Zionist regime It can exclude any shipment it considers in the countries using these devices and prevent the detection of sabotage! ( The complete source code of this project will be published in the next few hours! )

* Contaminated shipments have reached Lebanon through the use of Vidisco backdoor and after traveling through several countries!

* All the factors involved in this operation have been identified by Handala and soon all the data will be published!

* Handala has succeeded in hacking Vidisco and IIB and their 14TB data will be leaked!

More details will be published in the coming hours

They followed up with two posts:

Vidisco

Vidisco is an Israeli based developer and manufacturer of portable digital X-ray inspection systems. This company is affiliated with the 8200 unit of the regime and now 84% of airports in the world use the products of this company in their security gates. Basically, Mossad passes through the security gates of any cargo in any airport it considers using the backdoor embedded in this company’s software.

Many security and military services of different countries of the world use the products of this company. Is the world aware of the connection between this company and Mossad? Big surprises are coming in the coming hours. 8 TB of top-secret data of this company, including the names of all agents, customers, emails, backdoor sources, software sources, financial and administrative documents, etc., are now in Handala’s possession and will be leaked soon!

Israeli Industrial Batteries

IIB is one of the companies affiliated to the Ministry of Defense of the regime, which is responsible for the design and production of many vital energy storage infrastructures for the military and defense industries of the Zionist regime, such as radars, telecommunication equipment, spying equipment, etc. This company has also contaminated the batteries of Hezbollah’s electronic devices with explosives.

6 TB of sensitive information of this company, including all emails, financial and administrative documents, design and production documents, customers, human resources, etc., will be leaked soon!

Who are Handala Hack Team?

It is unclear at this time; however, their prior web domains had early network traffic originating from Iranian IP addresses. The talking points in their writing overlap with Iranian government talking points. All of the victim targeting is in Israel.

Are the claims credible?

Handala has not yet provided proof of data exfiltration from these organisations. On reaching out, one of the companies above said they are suffering from “IT issues”.

In prior claims by Handala, they have been credible around victim names.

Whether the battery claims are credible is not possible to assess, as no evidence has been provided to date.

One of the device manufacturers fingered in the Lebanon explosive device situation today claims the explosions happened in the battery compartment:

Given that photographs of the devices show severe damage around the battery compartment, the batteries may have been modified with explosives after procurement, Icom director Yoshiki Enomoto was quoted as saying in a Kyodo report.

I will continue to monitor.

Updates

3pm — 19/09/2024 — Handala have started dumping data on Telegram. They claim the data shows cooperation between Mossad and Vidisco:

10am – 20/09/2024 – Handala claim to have released source code, and appear to threaten Vidisco with Iranian drones:

7pm — 23/09/2024 — I have confirmed with sources that the hack of Vidisco is real. They have a significant cybersecurity incident running, which includes data exfiltration.

Handala have been kicked off Telegram for the fifth time (which may be some kind of record, given how difficult it usually is to get kicked off Telegram).

Before being kicked off, they posted allegations about Benny Gantz, including dumping what they claim are 35k emails, identity documents and travel itinerary. It is unclear where they got these from or if they have been tampered with — but I am told they include Israeli government data.

They have also posted various other file dumps, which a journalist tells me include real data from Vidisco — this includes audio recordings inside Vidisco offices. So far I haven’t heard of any evidence provided related to IIB.

As far as I’m aware there is nothing linking either Vidisco or IIB to battery attacks — however it is clear Handala have gained access to Vidisco’s network. Vidisco equipment provides security scanning of objects at the borders of many nations, so this is obviously a big problem.

Responses (2)

I tried downloading the files from their Telegram group. The 2.9GB rar file seems corrupted, or doesn't download fully. The link to "x code" leads to a page saying the file has been deleted. Do we know of anyone who has managed to lay eyes on this data, to try to verify this group's claims?

--

You clueless clowns got spanked again! You have zero idea how anything happened and are just spewing ink in your impotence.

--