Handala's latest is a dump allegedly of Ron Prosor's emails, who they originally mentioned 8 days ago.
-
Kevin Beaumont replied to Kevin Beaumont
Handala have deleted their previous message and replaced it with this. #threatintel #handala
-
Kevin Beaumont replied to Kevin Beaumont
Handala claim they are doing an “ultra big wipe” #threatintel #handala
-
Kevin Beaumont replied to Kevin Beaumont
Handala claim to have hacked and wiped 74 servers at AGAS - https://www.agas.co.il - an Israeli MSP, MSSP and cloud reseller.
I’m not sure the size of the org stacks up with Handala’s claim. Also, 74 servers is not a lot.
I’ve reached out to AGAS to see if they want to comment.
-
Kevin Beaumont replied to Kevin Beaumont
Handala claim to have released 10gb of customer data for AGAS.
It does appear AGAS has a security incident going on. AGAS declined to comment when asked.
-
Kevin Beaumont replied to Kevin Beaumont
AGAS have confirmed to me they are dealing with a cyber incident from Handala. #threatintel #handala
-
Kevin Beaumont replied to Kevin Beaumont
Handala have been banned from TikTok, one day after joining. #threatintel #handala
-
Kevin Beaumont replied to Kevin Beaumont
Handala say they have hacked and dumped IM Cannabis aka IMC - https://imcannabis.com/ - using their access via AGAS, their MSP.
They also implicate another company, NDN Security - https://www.ndn-security.com/
-
Kevin Beaumont replied to Kevin Beaumont
Handala claims to have done a leak and wipe of Elad municipality.
Elad's website is offline, and there's an Israeli media report of some kind of cyber incident.
Handala typically over exaggerate data volumes exfiltrated.
-
Kevin Beaumont replied to Kevin Beaumont
Handala are again claiming to have hacked Soreq, the nuclear safety org. I have in the past confirmed Soreq had a cybersecurity incident related to Handala, via the International Atomic Agency. #Handala #threatintel
-
Kevin Beaumont replied to Kevin Beaumont
Handala have posted photos and internal diagrams of, they claim, Shimon Peres Negev Nuclear Research Center.
The data appears to have come from Soreq. I have confirmed Soreq was owned, via the IAEA.
-
Kevin Beaumont replied to Kevin Beaumont
A few things have happened with Handala over the past few days which I haven’t covered - they’ve been dumping cloud backup photos and making threats, including about family members. I didn’t want to cover it.
All but one of the Handala Telegram channels has been shut down tonight.
-
Handala continues to be crazy town, with data dumps of what is alleged to be SSV Network, a blockchain company.
Handala claim they can link it (SSV Network) to Unit 8200, the Israeli intelligence agency. So far this appears to be without proof.
I’m going to guess, based on this post, they plan to post more tomorrow about Unit 8200.
-
So with the Unit 8200 stuff and Handala, their latest claim is they gained access to Silicom Limited (an IT services and networking company) and exfiltrated data, and that Silicom is a front company for Unit 8200.
Presented evidence includes a video accessing an internal VMware vCenter cluster with about 50tb of storage.
-
Handala claim to be inside the Silicom incident response process, and that they’ve wiped 300 systems. #Handala #threatintel
-
Btw the Silicom thing is interesting - Silicom sell OEMs networking kit and cards inside servers which is rebranded on sale, i.e. people see their products as another company's. The Handala claim is that Silicom is a Unit 8200 (Israeli signals intelligence) front company, for onward access. #Handala #threatintel
-
Handala are one year old today. They are billing next week “destructive week”. #Handala #threatintel
-
Masoumeh Karbasi & Reza Avazeh were killed in a drone strike in Lebanon in October. As far as I can see nobody knew why publicly; Handala’s linking Reza to Hezbollah and their cybersecurity appears to be a first.
His children were invited to meet ‘Supreme Leader of the Islamic Revolution’ that week. https://farsi.khamenei.ir/news-content?id=58050
-
Handala say they plan their most destructive hack so far this weekend, over the fate of Reza Avazeh.
There’s even a video, but sadly no hoodie-wearing hackers.
-
Handala claim to have gained access to CaaB Cloud (https://caab.cloud), aka Cloud as a Business, posting a video of administrator access. CAAB Cloud describe themselves as “The MSP’s Cloud” in marketing. CAAB Cloud is owned and operated by GNS in Israel, aka https://gns.cloud
It is unclear if the claims are credible. CaaB’s status page suggests a ~10% availability impact in one of their Israeli datacenters three days ago on cloud VM. https://status.caab.cloud
-
Handala suggests they got access to Ehud Barak’s iPad using a BYOD management profile. #Handala #threatintel