
In a significant escalation of cyber hostilities, the Handala hacking group, suspected of having ties to Iranian intelligence, has announced a substantial breach of Israel’s police systems. The group claims to have exfiltrated 2.1 terabytes of sensitive, confidential data, including personnel records, weapons inventories, medical and psychological profiles, legal case files, weapon permits, and identity documents. Handala further asserts that it has publicly disseminated 350,000 of these documents.
The compromised data reportedly contains email addresses, gun licenses, photographs and personal contact details of officers, classified documents, and personal information about suspects and convicted criminals, including details about sex offender employment permits. Additionally, Handala alleges it has accessed the personal files of police officers, including psychological evaluations and other private data, and has breached the servers of the Israeli Ministry of National Security.
In response to these claims, the Israeli police have denied any direct penetration of their systems. Their statement suggests that if a breach occurred, it likely involved third-party entities that share data with the police. An investigation is underway to determine the true extent of the incident and identify any vulnerabilities.
This alleged breach follows a pattern of disruptive cyber activities by Handala targeting Israeli entities, particularly since the escalation of the Israeli-Hamas conflict. Reports indicate that Israel has become a prime target for Iranian cyber operations, experiencing a significant increase in attacks. Handala’s activities reflect this trend, with escalating data breaches targeting Israeli institutions.
In October 2024, the group was suspected of involvement in a phishing campaign targeting cybersecurity personnel within Israeli organizations with wiper malware, aiming to disrupt the country’s digital defenses. In September 2024, Handala targeted Israel’s Soreq Nuclear Research Center in a significant ransomware attack.
More recently, on January 27, 2025, the group compromised the emergency alert system operated by Israeli electronics firm Maagar-Tec, impacting at least 20 kindergarten educational institutions across Israel. This breach triggered widespread panic with false terror alerts.
In a post on BreachForums dated February 9, 2025, Handala not only claimed responsibility for the latest attack but also taunted Israel, emphasizing its success in penetrating defenses and exposing secrets while accusing Israel of arrogance and deception. The group reiterated its slogan, "Handala does not forget. Handala does not forgive."
The Israeli authorities are actively investigating these claims to assess the potential impact on national security and to implement measures to prevent future breaches.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543