Handala Hack
Handala Hack is a hacktivist persona linked to Iran’s Ministry of Intelligence and Security (MOIS) and described in the source content as the most prominent Iranian persona. In the reported period following the Feb. 28, 2026 U.S.-Israeli offensive against Iran, Handala Hack was identified among pro-Iranian and state-aligned actors involved in retaliatory cyber activity. Reported activity attributed to Handala Hack includes claims of compromising an Israeli energy exploration company, compromising Jordan’s fuel systems, and targeting Israeli civilian healthcare in an effort to create domestic pressure shortly before the kinetic war began. The content also states that Handala Hack reportedly targeted an Iranian-American and an Iranian-Canadian influencer with death threats by email and claimed to have leaked their home addresses to physical operatives. No aliases or sub-groups are provided in the content.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Associated malware families
2 malware families attributed to this actor across reporting.
Recent activity
No public activity tracked yet. Mallory keeps watching.
No public activity observed for this threat actor.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.