A recently-created website lists the actions for which Handala asserts responsibility.

Wednesday's include attacks on American medical equipment supplier Stryker and payments company Verifone, which makes many point-of-sale card machines as well as software.

Handala's messages, also posted to its X social media account and a Telegram channel, cite the war between the US, Israel and Iran as a motive for its actions.

"This attack is a decisive and direct response to the Zionist regime's airstrikes targeting banking infrastructure," it wrote about Verifone Wednesday.

"Every blow will be met with an even greater response."

While Handala's claims are making waves now, its first publicly-known activities date back to late 2023, according to several observers of the cybercrime world.

Named for a cartoon character representing the Palestinian people, Handala was at first classified as a "hacktivist" group supporting their cause.

Like many cybercrime groups, other outfits with which it is frequently associated may simply be aliases.

But many experts are now convinced it is tied to the Iranian state.

Handala is "the most prominent Iranian persona" in the hacktivist world, according to a note published in late February by the research arm of American cybersecurity firm Palo Alto Networks.

"They are the most notorious group affiliated with the Iranian regime," Gil Messing of Israeli cybersecurity company Check Point said Wednesday.

"We have been tracking them for years and believe they operate on behalf of (Iran's) ministry of intelligence and security."

The Handala group appears to use a variety of methods.

It has claimed attacks on infrastructure as well as posting personal information belonging to Israeli air force personnel online.

"Threat actors such as Handala... have prioritised the Israeli defence industrial base," Google's Threat Intelligence arm said in February.

"The objective of these campaigns is not merely disruption but the degradation of Israel's national security apparatus through the exposure of military capabilities, the intimidation of defense sector employees... and the erosion of public trust in the security establishment," the company added.

mng/tgb/pdw

STRYKER

VERIFONE SYSTEMS

X

CHECK POINT SOFTWARE TECHNOLOGIES

GOOGLE