Threats Feed | Handala | Last Updated: 02/10/2024 | Author: Certfa Radar | Publish Date: 16/07/2024

Handala Hack Intensifies Cyberattacks on Israeli Critical Infrastructure

  • Actor Motivations: Exfiltration, Sabotage
  • Attack Vectors: DDoS, Ransomware, Phishing
  • Attack Complexity: Medium
  • Threat Risk: Low Impact/Low Probability

Threat Overview

Handala has been targeting Israeli critical infrastructure and entities since December 2023. Their activities include phishing campaigns, ransomware attacks, and website defacements, often releasing partial evidence of success to bolster their reputation. Notable incidents include attacks on Israel's Iron Dome radar systems, a ransomware assault on Ma’agan Michael Kibbutz, and an alleged data breach of Zerto, a Hewlett Packard Enterprise subsidiary. The group utilizes sophisticated methods, including phishing links and attachments, to compromise and exfiltrate sensitive data. Handala is considered a serious cyber threat, primarily targeting Israel's critical sectors.

Detected Targets

Type | Description | Confidence
Case | DRS RADA: RADA Electronic Industries Ltd. is a global defense technology company focused on proprietary radar and legacy avionics systems. Handala has targeted DRS RADA as a primary target. | Medium
Case | F5: F5 Networks, Inc. is an American multinational technology company that develops and sells SaaS-based security and application delivery networking (ADN) products and services. Handala has targeted F5 for abusive purposes. | Verified
Case | Ma'agan Michael: Ma'agan Michael is a kibbutz in northern Israel. Located on the Mediterranean Sea coast between Haifa and Hadera, it falls under the jurisdiction of Hof HaCarmel Regional Council. In 2022 it had a population of 2,074. Ma'agan Michael is among Israel's largest and most financially independent kibbutzim. Handala has targeted Ma'agan Michael as a primary target. | Medium
Case | Ma'ale Yosef Regional Council: The Ma'ale Yosef Regional Council is a regional council in the Upper Galilee, part of the Northern District of Israel, situated between the towns of Ma'alot-Tarshiha and Shlomi. Its offices are located in Gornot HaGalil. Handala has targeted Ma'ale Yosef Regional Council as a primary target. | Medium
Case | Zerto: Zerto provides disaster recovery, ransomware resilience and workload mobility software for virtualized infrastructures and cloud environments. Handala has targeted Zerto as a primary target. | Medium
Sector | High-Tech | High
Sector | Information Technology | High
Region | Israel | Verified

Extracted IOCs


Tip: 17 related IOCs (1 IP, 3 domain, 1 URL, 0 email, 12 file hash) to this threat have been found.

Overlaps

Unknown | Iranian Attack Group's Phishing Campaign Targets Israeli Economy with F5 Impersonation

Source: Israel National Cyber Directorate - December 2023

Detection (eight cases): 64c5fd791ee369082273b685f724d5916bd4cad756750a5fe953c4005bb5428c, 6f79c0e0e1aab63c3aba0b781e0e46c95b5798b2d4f7b6ecac474b5c40b840ad, 8bdd1cb717aa2bd03c12c8b4c9df2d94, 8f69c9bb80b210466b887d2b16c68600, ad66251d9e8792cf4963b0c97f7ab44c8b68101e36b79abc501bee1807166e8a, ca9bf13897af109cb354f2629c10803966eb757ee4b2e468abc04e7681d0d74a, e28085e8d64bb737721b1a1d494f177e571c47aab7c9507dba38253f6183af35, fe07dca68f288a4f6d7cbd34d79bb70bc309635876298d4fde33c25277e30bd2

Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.
