|
Getting your Trinity Audio player ready...
|
An Iran-linked hacker group has launched a new phase of intimidation against Israelis by offering cash bounties for personal information on individuals it claims are involved in Israel’s air defense programs.
The group, known as Handala, has published names, photographs, contact details, and professional credentials of more than a dozen Israelis it alleges are developers of the Patriot, Arrow, and David’s Sling defense systems.
On Saturday, the group announced a bounty of up to $30,000 for information on Israeli engineers and technicians. The material was posted on a dedicated database-style website, accompanied by personalized threats.
The Jerusalem Post has not independently verified the accuracy of all the published details. Despite this, the information has circulated widely across Arab media platforms and Telegram channels, including accounts linked to Hamas.
Several of the profiles contained direct threats aimed at family members. In one case, the hackers warned a target that his children were not safe, explicitly referencing his wife and three children.
“You thought your family were safe,” the group wrote in one message. “Don’t forget about those three children.” Other targets were told they had been “marked” and that their communications were under surveillance.
In a statement posted on its blog, Handala addressed what it called “engineers and collaborators of the occupation,” claiming that Israeli state protections would not shield them. The group declared that anonymity and safety were “illusions.”
The campaign forms part of what Handala has branded the “RedWanted” project. Since October 18, the group has released near-weekly lists of Israelis, often on Saturdays, accusing them of involvement in weapons development or military intelligence.
One announcement warned that the named individuals would no longer be able to move freely in their laboratories or homes, asserting that supporters of the group were “closer than you imagine.”
Earlier lists described some Israelis as “corpses,” including alleged members of Israel Defense Forces Unit 8200. In those cases, the hackers offered $10,000 for information about the individuals’ locations or activities.
Other postings labeled targets as “wanted,” promising cash rewards for information leading to their “apprehension.” The language and imagery have alarmed security analysts due to their resemblance to real-world hit lists.
The online database reportedly contains information on nearly 200 Israelis. Each profile features a personalized message, and a crosshair graphic appears over photos when users hover their cursor, reinforcing the threatening tone.
A banner displayed prominently on the website warns that Israel should “await a harsh punishment,” while accompanying text claims the group’s hunt will not end until what it calls justice is served.
Handala has also released videos listing targets as “killed by Handala,” interspersed with footage of what appears to be bomb-making materials, further blurring the line between cyber intimidation and physical threats.
The Jerusalem Post has contacted individuals named in the most recent list, as well as Israel’s Defense Ministry, seeking comment on the threats and the state’s response.
Security analysts have long linked Handala to Iran’s intelligence apparatus. The Jerusalem Institute for Strategy and Security has assessed that the group has operated as an Iranian proxy since late 2023.
Handala has conducted hostile cyber activity against Israeli targets for roughly two years. In January 2025, it disrupted public address systems in around 20 Israeli kindergartens during a coordinated cyberattack.
In August 2025, the group claimed responsibility for hacking multiple Israeli organizations, including academic institutions, businesses, and media outlets, leaking internal data online.
Its operations have not been limited to Israel. In September 2025, Canada’s Rapid Response Mechanism reported a “hack and leak” campaign targeting journalists from Iran International, including one based in Canada.
According to Canadian authorities, the leaked materials ranged from government identification documents to highly personal content. The information was distributed in a manner similar to the campaign now targeting Israeli engineers.
The report also noted that the leaked data was amplified across multiple AI chatbots and online platforms, highlighting how modern cyber campaigns can rapidly spread intimidation far beyond their original targets.