Handala is a name often used by pro-Palestinian hacktivist groups, inspired by Handala, a famous Palestinian cartoon character created by Naji al-Ali.
The group said the strike was carried out in retaliation for the US attacks that killed 165 Iranian schoolchildren.
Handala said in a statement posted to its website that “we announce to the world that, in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success,” referencing both the American Tomahawk missile on the school and numerous hacking operations carried out by the US and Israel during their war against Iran.
The group added that “in this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted,” issuing a warning to “all Zionist leaders and their lobbies.”
Since US‑Israeli strikes on Iran began on Feb. 28, hackers supporting Tehran have also tried to breach surveillance cameras in neighboring countries to aid missile targeting and have attacked data centers, industrial facilities in Israel, a school in Saudi Arabia and an airport in Kuwait.
Iran has invested heavily in offensive cyber capabilities while cultivating ties to hacking groups, AP claims. It also claim that groups allegedly working for Tehran have infiltrated the email system of former President Donald Trump’s campaign, targeted US water plants, and attempted to breach networks used by the military and defense contractors.
“The goal is to wear down the American war effort, drive up the costs of energy, strain cyber resources and cause as much pain as possible for American companies that depend on the defense industry,” experts said.
US defense contractors, government vendors, and businesses that work with Israel are likely targets going forward, as are hospitals, ports, water plants, power stations, and railways. Pro-Iranian hackers openly discuss plans on Telegram and other message boards.
“The datacenters need to be taken out,” one user wrote, as uncovered by researchers at US-based SITE Intelligence Group. “They host the brains of USAs military communication and targeting systems.”
Cyber operations also gather intelligence, such as Iran’s attempts to hack cameras in neighboring countries to aid missile targeting. Infiltrating US networks could provide insight into military planning or supply chains.
The strikes on Iran’s military and internet outages may have limited Iran’s cyberattacks in the short term, but experts warn that Iranian hackers and their allies will continue targeting the weakest links in American cybersecurity.
Often, local water plants or healthcare facilities lack resources to maintain up-to-date software and security, making them prime targets for denial-of-service attacks, website defacements, or hack-and-leak operations.
“Iran and especially the proxies don’t care how big or smart you are. This is about making an impact, about creating chaos,” said James Turgal, a cybersecurity expert and former FBI agent.
Experts are monitoring whether Russia, China, or allied hacking groups may provide support to Iran. Researchers at CrowdStrike have already detected a surge of Russian hacker activity in support of Tehran since the war began.
One group, Z-Pentest, claimed responsibility for disrupting several US networks, including those involved in closed-circuit video cameras. Adam Meyers, head of counter-adversary operations at CrowdStrike, said the timing of the attack suggests the hackers targeted US interests because of the war in Iran.
“Western organizations should continue to remain on high-alert,” Meyers said.
Short link: