Iran hackers claim hit on Holocaust survivors
Iran hackers who have struck and threatened various infrastructure sectors today claimed to have “completely breached” the largest Israeli nonprofit providing care and support services to elderly Holocaust survivors.
In the claim posted on their Telegram and X accounts, the Handala hacking group posted several images of documents including Hebrew-language forms and scans of identification cards that they said were among more than a terabyte of data allegedly swiped from the “National Center for Holocaust Victims’ Support,” while citing and linking to the k-shoa.org site for The Foundation for the Welfare of Holocaust Victims. According to the foundation’s English-language site, 36% of Israel’s Holocaust survivors struggle to meet their basic needs and the nonprofit assists survivors with nursing care, medical services, food and other material support, and social support.
“All databases, classified documents, confidential emails, and sensitive correspondence from this center have been fully extracted and dumped,” the hackers claimed.
Handala, a hacking group linked to the Iranian government, claimed credit for a massive wiper attack on a U.S. medical technology company at the start of the Iran war and, later, the breach of the FBI director’s personal email. The group declared at the time a ceasefire began in early April that although it would not recognize a cessation in hostilities it had still “postponed overt confrontation” with the United States per “highest leadership” orders.
Earlier this month, Handala claimed in a Telegram post that strikes on Fujairah oil facilities were part of a coordinated cyber-physical offensive with the IRGC targeting the United Arab Emirates port city — “a fully coordinated operation” that began with their breach of port systems and was followed by kinetic attacks “minutes later.”
In a May 18 post, Handala warned members of Iran’s forces and their families to “strictly refrain from using or carrying any electronic devices” and using messaging or social media apps, avoid using bank cards or online payment methods, ensure their VPN kill switches are enabled and Google search history is disabled, and more.
On May 21, Handala said that they have detected “preparations for the renewed outbreak of military conflict in the coming days” and would respond to U.S. and Israeli actions with “devastating” widespread attacks targeting energy and IT infrastructure. Handala said they believed more war is coming based on “an investigation into certain covert accesses” into U.S. and Israeli “military and security systems.”
Handala said today that they posted more than 2 million documents from the Holocaust survivors’ foundation on their website and accused Israeli defense companies of “constantly inflating numbers” of Holocaust victims for their own benefit.
They dedicated what they called “an unprecedented and multi-layered cyber operation” to “FPV Ababil warriors of Hezbollah … who will soon ensure” that the historical Holocaust toll “is realized … far sooner than anyone imagines.”
This refers to the first-person-view kamikaze drones that use fiber-optic guidance to bypass traditional counter-drone electronic jamming systems. IDF Chief of Staff Lt. Gen. Eyal Zamir on Friday called the FPV drones a “challenge” and said “operational and technological solutions are already in the stages of development and implementation” to counter the attacks.
Handala also posted photos purportedly from their March breach of FBI Director Kash Patel’s personal email and taunted him about the reward offered for their capture.
In March, when the Department of Justice announced that they had seized four domains tied to the Islamic Republic of Iran’s Ministry of Intelligence and Security — including two Handala sites — officials noted that “in addition to these enforcement actions, the Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information on any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse.” The announcement linked to the general global “Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure” call for information on the Rewards for Justice website.
“Seriously, when are you going to send over that ten million dollars reward you put up for capturing Handala’s members?” Handala said to Patel today. “You haven’t sent an email, not a single update! Sweetheart, at this rate, do we have to come collect the reward ourselves?”