‘Pro-Palestine’ hacking group banned on X as US criticizes Iran over cyberattacks

The social media platform X banned an account used by a self-described pro-Palestinian hacking group on Tuesday, shortly after the United States issued a warning about Iranian cyber actors targeting the country’s presidential election.

Although the group — known as Handala, after a cartoon and national symbol in Palestine — has not claimed to be behind any attacks on the United States, the timing of the ban indicates there may be concerns about its links to Tehran.

The @Handala_Hack account had been active on both X and Telegram, as well as hacking site Breach Forums, since December 2023, regularly announcing operations targeting Israeli entities amid the ongoing war in Gaza.

Cybersecurity company Trellix described Handala’s attacks as sophisticated and said it was “a group which at least pretends to act based on pro-Palestinian motives,” although it cautioned this motive may be a “façade for an ulterior motive.”

Back in July, Handala claimed to be behind a phishing campaign impersonating cybersecurity firm CrowdStrike that attempted to install a wiper on Israeli victims’ networks — an operation that prompted an urgent warning from the Israel National Cyber Directorate. The group also claimed to have launched other attacks, including on Israeli Iron Dome radars.

In its report on Handala, Trellix stated that “an undisclosed commercial company attributed the group to Iran” on the Israeli government’s official website, although Recorded Future News was unable to locate this attribution.

Israeli cybersecurity company Cyberint reported that the group shared a post last December identifying itself as “a small fighter” in the Hamas movement. U.S. and British sanctions have described Hamas as funded by the Islamic Republic of Iran.

Handala’s X account was banned shortly after a joint statement from U.S. intelligence community agencies accused Iran of being behind several cyberattacks targeting the presidential election, including the recently announced cyberattack on the campaign of former President Donald Trump.

Despite an alert sent to X users who had reported @Handala_Hack, stating the group had violated the platform’s “abusive behavior rule” and wasn’t allowed to create new accounts, it already appears to be operating the @Handala_Backup account.

Trellix noted that the group’s public activities are consistent with its proclaimed activist nature, and pointed out that the group included a failsafe in the wiper malware that would block the code from executing on any devices named “Gaza Hackers Team Handala Machine.”

Self-proclaimed pro-Palestine hacktivist groups have previously been linked to the Iranian state. The Cyber Av3ngers group, which conducted attacks globally against an Israeli-made programmable logic controller used by water facilities, has been attributed to the Islamic Revolutionary Guard Corps Cyber-Electronic Command.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
