Handala
Intelligence Profile
Handala is a pro-Palestinian hacktivist group that targets Israeli organizations, employing tactics such as phishing, data theft, extortion, and destructive attacks using custom wiper malware. The group utilizes a multi-stage loading process, including a Delphi-coded second-stage loader and an AutoIT injector, to deliver wiper malware that specifically targets Windows and Linux environments. Their phishing campaigns often exploit major events and critical vulnerabilities, masquerading as legitimate organizations to gain initial access. Handala operates a data leak site to publicize stolen data, although claims of successful attacks are sometimes disputed by targeted organizations.
Threat Analysis
Handala is a known-sophistication threat actor attributed to PS, engaged in cyber operations with a primary motivation of hacktivism.
As a hacktivist-aligned entity, Handala conducts operations driven by ideological, political, or social grievances, typically through website defacements, DDoS attacks, and the leaking of sensitive data to advance a public narrative.
Ransomware Victims (194)
CTIWATCH tracks 194 organizations claimed as victims by Handala on its data leak site, with attack dates, sectors and countries.
View full victims list →Known Campaigns
Handala is conducting an active ransomware campaign targeting organizations across 2 countries. Primary targets: Energy, Public Sector, Technology. 13 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 7 Apr 2026).