‘Pro-Palestine’ hacking group banned on X as US criticizes Iran over cyberattacks

Avatar

The social media platform X banned an account used by a self-described pro-Palestinian hacking group on Tueday, shortly after the United States issued a warning about Iranian cyber actors targeting the country’s presidential election.

Although the group — known as Handala, after a cartoon and national symbol in Palestine — has not claimed to be behind any attacks on the United States, the timing of the ban indicates there may be concerns about its links to Tehran.

The @Handala_Hack account had been active on both X and Telegram, as well as hacking site Breach Forums, since December 2023, regularly announcing operations targeting Israeli entities amid the ongoing war in Gaza.

Cybersecurity company Trellix described Handala’s attacks as sophisticated and said it was “a group which at least pretends to act based on pro-Palestinian motives,” although it cautioned this motive may be a “façade for an ulterior motive.”

Back in July, Handala claimed to be behind a phishing campaign impersonating cybersecurity firm Crowdstrike that attempted to install a wiper on Israeli victims’ networks — an operation that prompted an urgent warning from the Israel National Cyber Directorate. They also claimed to launch other attacks, including on Israeli Iron Dome radars.

In its report on Handala, Trellix stated that “an undisclosed commercial company attributed the group to Iran” on the Israeli government’s official website, although Recorded Future News was unable to locate this attribution.

Israeli cybersecurity company Cyberint reported that the group shared a post last December identifying itself as “a small fighter” in the Hamas movement. U.S. and British sanctions have described Hamas as funded by the Islamic Republic of Iran.

Handala’s X account was banned shortly after a joint statement from U.S. intelligence community agencies accused Iran of being behind several cyberattacks targeting the presidential election, including the recently announced cyberattack on the campaign of former President Donald Trump

Despite an alert sent to X users who had reported @Handala_Hack, stating the group had violated the platform’s “abusive behavior rule” and wasn’t allowed to create new accounts, it already appears to be operating the @Handala_Backup account.

Trellix noted that the group’s public activities are consistent with their proclaimed activist nature, and noted how within the wiper malware the group included a failsafe that would block the code from executing on any devices named “Gaza Hackers Team Handala Machine.”

Self-proclaimed pro-Palestine hacktivist groups have previously been linked to the Iranian state. The Cyber Av3ngers group, which conducted attacks globally against an Israeli-made programmable logic controller used by water facilities, has been attributed to the Islamic Revolutionary Guard Corps Cyber-Electronic Command.

CybercrimeElectionsGovernmentNewsNation-state
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

‘Pro-Palestine’ hacking group banned on X as US criticizes Iran over cyberattacks

Next Post

Android malware used to steal ATM info from customers at three European banks

Related Posts

New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Train by Lumen's Black Lotus Labs, is believed to have been operational since at least May 2020,
Avatar
Read More