Handala's latest is a dump, allegedly of emails belonging to Ron Prosor, who they originally mentioned 8 days ago. Ron is the Ambassador of Israel to Germany. Telegram post includes death threats.

50k emails, again looks like a personal email account. #threatintel #handala

Edit: I broke the thread on this, the prior ones are at https://cyberplace.social/@GossiTheDog/113267372575167506

Handala are now upset with Yair Golan, in particular highlighting his comments about a possible attack on Iran. Contains the usual, a picture dump - so far no email dump. #handala #threatintel
Handala’s latest dump is of a podcasting platform called Doscast. Email addresses and encrypted passwords. #threatintel #handala

Handala claim they used a MaxShop SMS account to send 5 million messages. Their screenshot and my translated version below. #threatintel #handala

Obviously, Handala are awake. #threatintel #handala

Handala have deleted their previous message and replaced it with this. #threatintel #handala

Handala claim they are doing an “ultra big wipe” #threatintel #handala

Handala claim to have hacked and wiped 74 servers at AGAS - https://www.agas.co.il - an Israeli MSP, MSSP and cloud reseller.

I’m not sure the size of the org stacks up with Handala’s claim. Also, 74 servers is not a lot.

I’ve reached out to AGAS to see if they want to comment.

#threatintel #handala

Handala claim to have released 10 GB of customer data for AGAS.

It does appear AGAS has a security incident going on. AGAS declined to comment when asked.

#threatintel #handala

AGAS have confirmed to me they are dealing with a cyber incident from Handala. #threatintel #handala

Handala have been banned from TikTok, one day after joining. #threatintel #handala

Handala say they have hacked and dumped IM Cannabis aka IMC - https://imcannabis.com/ - using their access via AGAS, their MSP.

They also implicate another company, NDN Security - https://www.ndn-security.com/

#threatintel #handala

Handala claims to have done a leak and wipe of Elad municipality.

Elad's website is offline, and there's an Israeli media report of some kind of cyber incident.

Handala typically overexaggerate data volumes exfiltrated.

#Handala #threatintel

Handala are again claiming to have hacked Soreq, the nuclear safety org. I have in the past confirmed Soreq had a cybersecurity incident related to Handala, via the International Atomic Agency. #Handala #threatintel

Handala have posted photos and internal diagrams of, they claim, Shimon Peres Negev Nuclear Research Center.

The data appears to have come from Soreq. I have confirmed Soreq was owned, via the IAEA.

#Handala #threatintel

A few things have happened with Handala over the past few days which I haven’t covered - they’ve been dumping cloud backup photos and making threats, including about family members. I didn’t want to cover it.

All but one of the Handala Telegram channels has been shut down tonight.

#Handala #threatintel

Handala continues to be crazy town, with data dumps of what is alleged to be SSV Network, a blockchain company.

Handala claim they can link it (SSV Network) to Unit 8200, the Israeli intelligence agency. So far this appears to be without proof.

I’m going to guess, based on this post, they plan to post more tomorrow about Unit 8200.

#Handala #threatintel

So with the Unit 8200 stuff and Handala, their latest claim is they gained access to Silicom Limited (an IT services and networking company) and exfiltrated data, and that Silicom is a front company for Unit 8200.

Presented evidence includes a video accessing an internal VMware vCenter cluster with about 50 TB of storage.

#Handala #threatintel

@GossiTheDog Whoever named it "Silicom" wanted so much to make a pun on "silicon" that he didn't realize that it sounds like "silly com(pany)".