An Iranian hacker group known as "Handala" last week published information it claimed was taken from the mobile phone of an officer serving in the IDF Spokesperson’s Unit. According to IDF officials, the device was hacked about six months ago, but the information was only recently circulated on social media. Officials said it is also possible that another device belonging to a service member in the unit, or to one of its sections, was also breached.
In posts on X and Instagram, the group shared contact details taken from the device, including full names and phone numbers. It also published various texts, including analyses of media situation assessments. In one post, the group claimed it had hacked accounts of the "Zionist army" and obtained information from them, including phone numbers and details about "spies located in countries of the Axis of Resistance."
Following the incident, an internal message was circulated among the unit’s commanders. The message said that "the Iranian hacker group Handala hacked a phone belonging to a service member in the unit about six months ago," and that all the phone numbers stored on the device have now been published. It also noted suspicions that another device belonging to a service member in the unit or one of its sections may have been breached as well.
The message included instructions aimed at preventing similar incidents. Personnel were told not to answer calls from unidentified numbers, not to click on suspicious links and to block any contact from unidentified sources. Commanders were also asked to review the leaked file, identify whether any of their personnel appear in it and ensure they are familiar with the relevant procedures.
In a conversation with ynet, a former service member in the unit whose details appeared in the hackers’ publication said no one from the IDF Spokesperson’s Unit had contacted her to inform her of the incident. She said she reached out to Israel’s National Cyber Directorate and was told the case is known to the relevant authorities.
The IDF said in response: "The matter is under review. An initial examination indicates this is a past incident that has been recirculated, not a breach that occurred recently. We emphasize that there is no suspicion of damage to information security. Following the publication of the phone number list, information security guidelines and procedures were distributed to personnel. The IDF operates continuously to protect the security of its service members in cyberspace."