Iran hackers claim coordinated cyberattack paved way for strikes on UAE port

Iranian hackers claimed that today’s strikes on Fujairah oil facilities were part of a coordinated cyber-physical offensive targeting the United Arab Emirates port city.

The National, a state-owned English-language UAE newspaper, reported that an Iran drone attack hit the Fujairah Oil Industry Zone, sparking a blaze that injured three Indian citizens. The UAE’s Ministry of Defence also said that Iran fired four cruise missiles at the country; three were intercepted and one fell into the sea, officials said, calling the day’s events a  “dangerous escalation” of hostilities.

The Wall Street Journal reported that Fujairah, which sits along the Gulf of Oman, has been critical for moving some of the country’s oil exports while avoiding the Strait of Hormuz, thus the attack was significant for striking “at the heart of the United Arab Emirates’ oil escape hatch.”

Handala, a hacking group linked to the Iranian government, claimed credit for a massive wiper attack on a U.S. medical technology company at the start of the Iran war and, later, the breach of the FBI director’s personal email. Yet the group declared at the time a ceasefire began in early April that although it would not recognize a cessation in hostilities it had still “postponed overt confrontation” with the United States per “highest leadership” orders.

Today, Handala claimed in a Telegram post that Fujairah was a “coordinated hybrid cyber and missile attack” with the Islamic Revolutionary Guard Corps and “a fully coordinated operation” that began with their breach of port systems and was followed by kinetic attacks “minutes later.”

“This operation once again demonstrates the convergence of cyber and missile warfare on the same battlefield,” the group said.

Handala posted a handful of unverified images of what appeared to be customs documents and photos of cargo that they said were seized in the cyber breach, and claimed they had “thousands of classified documents — including contract details, ship traffic, financial transactions, and highly confidential maps of Fujairah’s oil pipelines and infrastructure.” They claimed that maps seized by hackers were then used by the IRGC for missile targeting.

The hacking group proceeded to threaten other sectors, saying that the UAE would be targeted “not just in your ports and airspace, but in the very heart of your society and economy” for its collaboration with the United States and Israel.

Three days before the April 8 ceasefire began, Handala claimed that they were poised to inflict water, electricity and oil sector attacks on the United States and its allies of a caliber to “send your lives back to the Middle Ages” if the U.S. hits Iran’s power grid, as President Donald Trump had threatened.

After the two-week ceasefire between the U.S. and Iran was announced, Handala said it “continues its cyber operations” against Israeli infrastructure “at full force” despite following orders to suspend “overt” operations against the United States.

“Rest assured: when the time comes, the darkest of nights will have only just begun for America and all its supporters,” the group vowed. Handala also claimed that some of its hackers have been among the war’s death toll.

Handala has also been recruiting, issued an April 6 appeal to “all cyber resistance fighters” to “join the united front of cyber struggle.”