Iran's hackers want to break into Israelis' minds, not just their systems

Reichman University researchers say Iran-linked hacker group Handala uses cyberattacks less to cause lasting infrastructure damage than to sow fear, weaken public resilience and keep each breach alive through threats, leaks and media manipulation

In an era when headlines tend to warn of a “digital Pearl Harbor” — a catastrophic cyberattack that could darken an entire country or paralyze its water supply — it turns out that, often, the enemy would rather simply get inside our heads and manipulate them.

Psychological terror

A new and comprehensive study by the International Institute for Counter-Terrorism at Reichman University, published as Israel and Iran enter another round of fighting, finds that the Iranian hacker group Handala, which has become a familiar and troubling name in Israel’s cyber arena in recent years, is far less focused on destroying physical systems and far more focused on managing a sophisticated and aggressive campaign of psychological terror and cognitive influence.
[Image: Iranian cyberattack, from a post in Persian. The goal is often simply psychological terrorism. (Photo: Screenshot)]
The study, published in the academic journal Studies in Conflict & Terrorism, was conducted by Professor Gabriel Weimann and Daniel Haberfeld. The researchers analyzed more than 200 posts by the group on social media and its website between 2023 and 2026, using advanced natural language processing tools and qualitative content analysis.
The conclusion emerging from the data is clear: Handala, operating as an official proxy of Iran’s Intelligence Ministry, uses cyber intrusions mainly as a pretext or lever. Its central goal is not causing long-term, real infrastructure damage, but creating panic, demoralization, weakening public resilience and deepening internal fractures in Israeli society.

Part of modern warfare

This represents another evolutionary stage in the history of modern warfare, combining the cyber world with psychological warfare. While Chinese cyber groups, such as Volt Typhoon, prefer to operate in total darkness for months or even years to establish quiet, covert access to critical infrastructure in the United States and Europe, and while groups identified with North Korea focus mainly on industrial espionage or robbing banks and cryptocurrency platforms to fund the regime, Handala’s model is much closer to the Russian “hack-and-leak” strategy.
This method is well known from Moscow’s digital interference in the 2016 U.S. presidential election, as well as from the activity of the Iranian group Moses Staff, which previously operated in Israel using similar methods.
Reichman University researchers found that Handala’s activity is managed like a well-scripted television drama. Its campaigns are built in fixed stages: first come threats and vague hints, then the attack itself is revealed with fanfare, and finally the stolen information is released gradually and in fragments.
[Image: Logo of the Iranian hacker group Handala]
This tactic is designed to ensure the incident remains at the center of public and media attention for weeks, thereby amplifying the psychological effect of each individual breach. To heighten anxiety, the group adopts the narrative of a “defender of the Palestinian people” exposing hidden truths, and sends threatening messages emphasizing technological superiority and the illusion of constant surveillance, such as the familiar wording: “We see everything.”
The target arena itself underwent an interesting shift over the period studied. While the group’s efforts once focused mainly on the private sector, alongside academic, government and media institutions, recent years have shown a clear and deliberate shift toward targeting public figures and Israeli politicians, including senior security officials and even former Prime Minister Naftali Bennett.
That choice is entirely calculated: Targeting well-known figures ensures much broader and faster media resonance, and allows the group to portray Israel’s national defense mechanisms as vulnerable and helpless while exploiting political polarization.
Still, the institute’s researchers stress that the focus on psychology should not be interpreted as technological weakness. The assumption that Handala lacks significant physical offensive capabilities is mistaken and dangerous. The choice of cognitive warfare is a matter of strategic goals set by the regime in Tehran, and those goals could change at any moment depending on geopolitical developments.
In the current reality, in which the keyboard serves as a weapon for shaping consciousness, citizens’ mental resilience and public awareness become the first line of national defense, no less than technological firewalls.