The Handala hacking group claims to have exposed 14 Israeli engineers working on drone programs, offering $30,000 rewards for each. The threats follow attacks on politicians including Bennett, whose Telegram was compromised. Israeli security sources haven't verified the claims.
An Iranian-linked cyber group has escalated its campaign against Israel's defense sector, claiming to have identified engineers working on military drone programs and placing substantial cash bounties on their heads.
The Handala hacking group posted what it says are the identities of 14 individuals involved in developing unmanned aerial vehicles for the Israel Defense Forces and defense contractors. Each person named carries a $30,000 bounty, according to Saturday's social media announcement, says The Jerusalem Post.
According to The Jerusalem Post, Israeli officials haven't responded publicly, and security sources tell reporters the claims remain unverified. No authenticated documents or proof have surfaced to back up Handala's assertions about obtaining sensitive personnel information.
This isn't Handala's first attempt to target Israel's military-industrial complex. Days earlier, the group published similar bounty lists for engineers allegedly working on Patriot, Arrow, and David's Sling air defense systems—complete with photos, names, credentials, email addresses, locations, and phone numbers.
The authenticity of that information also hasn't been confirmed by Israeli authorities.
Handala justified the drone engineer targeting by claiming UAV systems cause civilian casualties and violate international law. The group frames its actions as retaliation against what it describes as Israel's use of autonomous weapons in military operations.
The defense engineer threats came just 24 hours after Handala warned it would launch cyberattacks against senior Israeli politicians. The group ran an online poll asking followers to vote on targets, naming National Security Minister Itamar Ben-Gvir, Blue and White chairman Benny Gantz, Likud MK Tally Gotliv, and former defense minister Yoav Gallant.
Earlier in the week, former Prime Minister Naftali Bennett confirmed his Telegram account was breached after Handala claimed access to his phone on Wednesday. That incident represents one of the few verified successes in the group's recent campaign.
Handala operates as part of Iran's broader cyber operations apparatus, though its exact relationship to Tehran's intelligence services remains murky. The group has claimed responsibility for numerous attacks against Israeli targets over the past year, ranging from website defacements to alleged data breaches.
Security researchers tracking the group note its tactics blend hacktivism with psychological warfare. Rather than causing immediate infrastructure damage, Handala typically aims to expose information, create public fear, and damage Israel's reputation.
The bounty system represents a concerning evolution. By crowdsourcing physical threats through financial incentives, the group attempts to blur lines between cyber operations and potential real-world violence.
A critical question surrounds these latest claims: Did Handala actually breach Israeli defense networks, or is this an information operation designed to spread fear?
Cyber experts point out that publishing names without supporting evidence could indicate either:
Israeli cybersecurity firms and government agencies typically don't confirm or deny such breaches immediately, as doing so could reveal operational security details to adversaries.
Whether verified or not, Handala's campaign highlights persistent vulnerabilities in how defense contractors and military personnel manage their digital footprints.
Engineers working on classified projects often maintain LinkedIn profiles, publish academic papers, or appear in company press releases—breadcrumbs that sophisticated threat actors can aggregate into detailed dossiers. Open-source intelligence gathering requires no hacking at all.
The $30,000 bounties, while seemingly modest compared to ransomware demands, target individuals rather than organizations. This personalization of cyber threats represents a psychological dimension that traditional network security doesn't address.
Defense industry insiders say the incidents will likely accelerate existing efforts to scrub personnel information from public databases and tighten operational security protocols around employee communications.
Israel faces continuous cyber threats from Iran and its proxies, with attacks intensifying during periods of regional tension. As drone warfare plays an expanding role in Middle Eastern conflicts, the engineers developing those systems have apparently become priority intelligence targets.
