The social media platform X recently banned the account of a self-proclaimed pro-Palestinian hacking group, Handala, shortly after the United States issued a warning about Iranian cyber actors targeting the country’s presidential election.
While Handala has not directly claimed responsibility for any attacks on the United States, the timing of the ban suggests concerns about potential links to Tehran. The group, named after a cartoon symbolizing Palestinian resistance, had been active on X, Telegram, and the hacking site Breach Forums since December 2023, frequently announcing operations against Israeli targets amid the ongoing conflict in Gaza.
Cybersecurity firm Trellix has described Handala’s cyberattacks as sophisticated, noting that the group claims to operate based on pro-Palestinian motives. However, Trellix also suggested that these motives might be a cover for other objectives. In July, Handala claimed responsibility for a phishing campaign that impersonated the cybersecurity firm CrowdStrike in an attempt to install destructive malware on Israeli networks. This operation led to an urgent warning from the Israel National Cyber Directorate. The group also claimed to have launched attacks on Israeli Iron Dome radar systems.
Trellix’s report mentioned that an undisclosed commercial entity attributed the group to Iran, though this attribution was not verified by other sources. Israeli cybersecurity company Cyberint reported that Handala identified itself as “a small fighter” within the Hamas movement in a post shared last December. Both the U.S. and U.K. have described Hamas as being financially supported by the Islamic Republic of Iran.
The banning of Handala’s account on X came shortly after a joint statement from U.S. intelligence agencies accused Iran of being behind several cyberattacks targeting the presidential election, including a recent attack on the campaign of former President Donald Trump. Despite receiving alerts from X users about the group’s violation of the platform’s abusive behavior rules, Handala appears to have quickly reestablished its presence with a backup account.
Trellix also observed that Handala’s activities align with its stated activist goals, noting that the group included a failsafe in its wiper malware to prevent it from executing on devices associated with the Gaza Hackers Team.
Pro-Palestinian hacktivist groups, such as Handala, have previously been linked to the Iranian state. For example, the Cyber Av3ngers group, which launched global attacks against Israeli-made programmable logic controllers used in water facilities, has been attributed to Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command.
