Conversation

Notices

1. Embed this notice
   Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 09-Oct-2024 06:04:14 JST Kevin Beaumont

   Handala's latest is a dump allegedly of Ron Prosor's emails, who they originally mentioned 8 days ago.

   50k emails, again looks like a personal email account. #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 26-May-2024 18:45:42 JST Kevin Beaumont

     Some ‘free Palestine’ hacktivist style group called Handala have been defacing websites and claim to exfiltrate data. https://handala.to/ #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 19-Sep-2024 18:21:59 JST Kevin Beaumont

     in reply to

     Handala, a wiper group posing as a ransomware group who target Israeli companies, claims IIB (Israeli Industrial Batteries) supplied explosive batteries for pagers and Vidisco supplied Xray machines which didn’t detect said batteries.

     They claim they will be releasing 6tb of data for IIB and 8tb of data for Vidisco. I tried phoning one of the companies, who said they have an IT issue.

     #threatintel #handala

   • Embed this notice
     uzayran (uzayran@cyberplace.social)'s status on Thursday, 19-Sep-2024 19:08:28 JST uzayran

     in reply to

     @GossiTheDog If this is true that means we have backdoors in the X-Ray machines in 86% of all air- and seaports? And Israel risked exposing that for a local terror attack? That is insane.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 19-Sep-2024 22:34:36 JST Kevin Beaumont

     in reply to

     Wrote up the Handala Hack Team thing while on lunch as it was too nuts not to. https://doublepulsar.com/hacker-group-handala-hack-team-claim-battery-explosions-linked-to-israeli-battery-company-5bea086280cd

   • Embed this notice
     ISO8601 (iso8601@cyberplace.social)'s status on Thursday, 19-Sep-2024 22:44:24 JST ISO8601

     in reply to

     @GossiTheDog Ehm.... the Vidisco thing could potentially be a Big Problem, for <reasons>

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 19-Sep-2024 22:46:33 JST Kevin Beaumont

     in reply to

     Handala Hack Team have started posting files on Telegram. They were kicked off Telegram multiple times prior, they're back on a different username.

   • Embed this notice
     Marcus Hutchins :verified: (malwaretech@infosec.exchange)'s status on Friday, 20-Sep-2024 07:12:08 JST Marcus Hutchins :verified:

     in reply to

     @GossiTheDog Have you or anyone looked at the data yet? I'm interested to hear more

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 20-Sep-2024 18:02:27 JST Kevin Beaumont

     in reply to

     Handala have released what they claim is source code showing a backdoor in Vidisco scanners, which are used by ports and airports to scan cargo.

     Post contains reference to Hodhod drones, which is an Iranian UAV.

   • Embed this notice
     Eleanor Saitta (dymaxion@infosec.exchange)'s status on Saturday, 21-Sep-2024 02:46:57 JST Eleanor Saitta

     in reply to

     @GossiTheDog
     Post the link?

   • Embed this notice
     Eleanor Saitta (dymaxion@infosec.exchange)'s status on Saturday, 21-Sep-2024 02:52:43 JST Eleanor Saitta

     @GossiTheDog
     The xcode project

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 21-Sep-2024 03:15:30 JST Kevin Beaumont

     in reply to

     The Latest on the Handala Hack Team situation with Vidisco and Israeli Industrial Batteries (IIB) breach claims is the file sharing site hosting the downloads say they have received DMCA complaints.

     So far only outlets in Italy and Iran have picked up the story, and have done so fairly responsibly, i.e. not saying the claims are true.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 24-Sep-2024 03:43:53 JST Kevin Beaumont

     in reply to

     I have just published a big update on the Handala situation regarding Vidisco at the bottom of my original post.

     tl;dr: They are owned.

     https://doublepulsar.com/hacker-group-handala-hack-team-claim-battery-explosions-linked-to-israeli-battery-company-5bea086280cd

     #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 24-Sep-2024 03:49:11 JST Kevin Beaumont

     in reply to

     Expect to read 0 about this from your threat intelligence providers btw, there's a cone of silence around this one.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 24-Sep-2024 04:26:25 JST Kevin Beaumont

     in reply to

     Handala are currently up on https://t.me/Handala_backup on Telegram.

     Comes complete with a 1 minute data dump announcement video with reasonable production quality.

     There's a lot of time and effort gone into the group's recent efforts, it's a little bit better than NoName and the like.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 24-Sep-2024 20:59:15 JST Kevin Beaumont

     in reply to

     Handala are now going after Israeli politician Gabi Ashkenazi.

     I think what they’re doing is compromising personal cloud accounts. #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 25-Sep-2024 00:05:29 JST Kevin Beaumont

     in reply to

     The journalist looking at Handala Hack Team has been told to stop looking at it.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 25-Sep-2024 01:50:31 JST Kevin Beaumont

     in reply to

     Handala say they plan to post 2k photos from Benny Gantz’ phone in response to rocket attacks. I think my theory they’re targeting Israel’s political’s cloud accounts is looking more likely. #threatintel

   • Embed this notice
     dm (_dm@infosec.exchange)'s status on Wednesday, 25-Sep-2024 03:58:39 JST dm

     in reply to

     @GossiTheDog I don't mean to be dumb, but how would an X-ray scanner backdoor work? Like, how would an object being scanned trigger the backdoor?

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 26-Sep-2024 02:54:31 JST Kevin Beaumont

     in reply to

     Handala appear to have gained access to former Israeli PM Ehud Barak’s personal phone, publishing a series of messages alleging various things and lots of photos and identity documents #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 26-Sep-2024 03:10:07 JST Kevin Beaumont

     in reply to

     If you’re reading this thread and thinking ‘why isn’t this mentioned anywhere outside of Gossi The Dog’s toots?’ - that’s a good question. #threatintel

   • Embed this notice
     VessOnSecurity (bontchev@infosec.exchange)'s status on Thursday, 26-Sep-2024 03:48:05 JST VessOnSecurity

     in reply to

     @GossiTheDog This from Telegram again? How many times have they been kicked out of there?

   • Embed this notice
     drunkenjohn (drunkenjohn@cyberplace.social)'s status on Thursday, 26-Sep-2024 03:58:14 JST drunkenjohn

     in reply to

     @GossiTheDog Opsec includes not leaving out glaring omissions from your coverage. Focusing only on when Russia or China does bad tells....a story.

   • Embed this notice
     Guelfo Alexander Ghibellini (guelfoalexander@cyberplace.social)'s status on Thursday, 26-Sep-2024 04:51:00 JST Guelfo Alexander Ghibellini

     • VessOnSecurity

     @GossiTheDog @bontchev shouldn't it be possible to report that Telegram group? how come they get again on? I mean, their actions may be full of good intentions, but Telegram's TOS do not allow such sort of public groups/channels

   • Embed this notice
     Guelfo Alexander Ghibellini (guelfoalexander@cyberplace.social)'s status on Thursday, 26-Sep-2024 04:56:21 JST Guelfo Alexander Ghibellini

     • VessOnSecurity

     @GossiTheDog @bontchev should have been improved since some days due to the "french kiss" 😅, Pavel tells there are special groups of moderators on particular arguments, TOS have been improved, and most important, now they do disclose data to law enforcement. https://t.me/durov/345

   • Embed this notice
     Guelfo Alexander Ghibellini (guelfoalexander@cyberplace.social)'s status on Thursday, 26-Sep-2024 05:34:16 JST Guelfo Alexander Ghibellini

     • VessOnSecurity

     @GossiTheDog @bontchev well, hes tecnically still under arrest, he cant leave Fr so hes just enjoying the stay LOL, but give him time, hell fix everything

   • Embed this notice
     CryptoLek (cryptolek@infosec.exchange)'s status on Thursday, 26-Sep-2024 20:06:27 JST CryptoLek

     in reply to

     @GossiTheDog Handala just dumped 60K emails allegedly from Gabriel Ashkenazi's gmail account. It comes in 2 archived parts

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 28-Sep-2024 20:06:02 JST Kevin Beaumont

     in reply to

     Handala Hack Team are very annoyed #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 29-Sep-2024 07:16:24 JST Kevin Beaumont

     in reply to

     Handela allege they are doing a hack and leak of Soreq Nuclear Research Center in Israel. So far their leak claims have been true.. although the document leaks haven’t resembled all of their claims about the contents to the best of my knowledge.

     They also claim journalists in Israel have been told not to cover Handela, which I believe has foundation.

     #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 29-Sep-2024 07:18:46 JST Kevin Beaumont

     in reply to

     The entire cyber industry coverage of a clear Iranian cyber group doing actual cyber activity during a war: #threatintel #handela

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 29-Sep-2024 07:28:23 JST Kevin Beaumont

     in reply to

     They’ve also done a dump of emails belonging to Gabi Ashkenazi. #threatintel #handela

   • Embed this notice
     Brett M (bt444@mstdn.social)'s status on Sunday, 29-Sep-2024 07:29:01 JST Brett M

     in reply to

     @GossiTheDog Iran did it. source: trust me bro

   • Embed this notice
     Ravi Nayyar (ravirockks@infosec.exchange)'s status on Sunday, 29-Sep-2024 07:30:03 JST Ravi Nayyar

     in reply to

     @GossiTheDog Putting our cyber colleagues aside, why aren’t the cyber journos at specialist/mainstream outlets covering Handala?

   • Embed this notice
     Alex (alex02@cyberplace.social)'s status on Sunday, 29-Sep-2024 10:57:21 JST Alex

     in reply to

     @GossiTheDog I've been busy with other projects and school...

   • Embed this notice
     Paul Shread (pshread@masto.ai)'s status on Tuesday, 01-Oct-2024 04:29:49 JST Paul Shread

     in reply to

     @GossiTheDog Any confirmation on the Vidisco backdoor claims?

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 01-Oct-2024 16:33:51 JST Kevin Beaumont

     in reply to

     Handala Hack Team appear to be doing a hack and leak of Ron Prosor (Israel’s ambassador in Germany) next #threatintel #handela

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 02-Oct-2024 07:14:26 JST Kevin Beaumont

     in reply to

     • NetBlocks

     Handela claim to have taken Bezeq offline. Fact check with @netblocks

     #threatintel #handela

   • Embed this notice
     Isik Mater :BlobHajMlem: (isik5@mastodon.social)'s status on Wednesday, 02-Oct-2024 07:43:21 JST Isik Mater :BlobHajMlem:

     in reply to

     • NetBlocks

     @GossiTheDog @netblocks There are indications of very slight impact to Bezeq but, assuming this is Handala, it hasn’t knocked out the network to the extent of previous attacks.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 02-Oct-2024 07:46:18 JST Kevin Beaumont

     in reply to

     Assuming Handala mean network connectivity, their claims do not check out. I guess it is possible they mean something else, eg system wiping. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 02-Oct-2024 18:41:19 JST Kevin Beaumont

     in reply to

     Today Handala have a dump of 110k emails from/to former Israel PM. Emails are again collected from a personal email account. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 02-Oct-2024 18:45:48 JST Kevin Beaumont

     in reply to

     Israel PM office has acknowledged they are dealing with an incident at Soreq referenced above, but no safety impact. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 03-Oct-2024 06:21:58 JST Kevin Beaumont

     in reply to

     Handala are saying they’ve sent 1 million messages, whatever that means. Anybody in Israel got any strange texts? #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 03-Oct-2024 06:29:13 JST Kevin Beaumont

     in reply to

     Crap web defacement of Haderi Haredim sites #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 04-Oct-2024 00:24:31 JST Kevin Beaumont

     in reply to

     Handala have posted an Iranian propaganda video, with “Great News For Shin Bet On The Way” #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 04-Oct-2024 04:32:31 JST Kevin Beaumont

     in reply to

     Handala claims to have performed a supply chain attack on Shin Bet, the Israel Security Agency, they say allowing them to install software on managed mobile phones.

     The photos provided appear to show access to some kind of Mobile Device Management platform. They also provided a data dump.

     #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 04-Oct-2024 04:55:53 JST Kevin Beaumont

     in reply to

     In the screenshots as evidence, one shows a phone screenshot using Maps - at a Kosher bar in Hackney in London.

     Additionally, the screenshot of the list of devices almost all have ‘test’ in the device name. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 04-Oct-2024 08:13:13 JST Kevin Beaumont

     in reply to

     The Handala claim of hacking Shin Bet mobiles via a supply chain hack does not appear to stack up.

     They appear to have used material from NativCell, who provide internet filtering and management for Haredim (strictly Orthodox).

     It’s part of a pattern with Handala where they take some access and spin it to mean something it doesn’t. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 06-Oct-2024 17:38:39 JST Kevin Beaumont

     in reply to

     Handala claim to have done a hack and wipe of MaxShop, a point of sale vendor in Israel.

     I have confirmed their website was defaced and has been taken offline. https://maxshop.co.il #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 07-Oct-2024 00:00:49 JST Kevin Beaumont

     in reply to

     MaxShop’s website is still offline. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 07-Oct-2024 01:32:24 JST Kevin Beaumont

     in reply to

     Handala have posted 300gb of what they claim is IBB - Israel Industrial Batteries - internal data.

     Previously they claimed they had access, but hadn’t provided proof.

     #handala #threatintel

   • Embed this notice
     Alex (alex02@cyberplace.social)'s status on Monday, 07-Oct-2024 01:40:10 JST Alex

     in reply to

     @GossiTheDog probably full of shit.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 07-Oct-2024 06:31:13 JST Kevin Beaumont

     in reply to

     MaxShop’s website has changed to a Plesk default site. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 07-Oct-2024 18:16:19 JST Kevin Beaumont

     in reply to

     Handala have done a defacement of Silver Shadow, a small exporter of licensed firearms.

     https://silver-shadow.com/

     #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 07-Oct-2024 19:51:52 JST Kevin Beaumont

     in reply to

     Silver Shadow’s website has gone offline, displaying a Wordpress error page. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 07-Oct-2024 21:52:08 JST Kevin Beaumont

     in reply to

     MaxShop’s website is back online. Contains no reference to what happened. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 07-Oct-2024 22:42:51 JST Kevin Beaumont

     in reply to

     Silver Shadow’s website is back online. Makes no reference to what happened. #handala #threatintel

   • Embed this notice
     Random_Seed (random_seed@bitbang.social)'s status on Tuesday, 08-Oct-2024 01:12:44 JST Random_Seed

     in reply to

     @GossiTheDog defacing a website is one thing, claiming an extensive data breach is another. Did they in fact compromise their systems?

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 08-Oct-2024 02:42:39 JST Kevin Beaumont

     in reply to

     Handala are now upset with Yair Golan, in particular highlighting his comments about a possible attack on Iran.

     Contains the usual, a picture dump - so far no email dump. #handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Thursday, 10-Oct-2024 18:46:40 JST Kevin Beaumont

     in reply to

     Handala’s latest dump is of a podcasting platform called Doscast. Email addresses and encrypted passwords. #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 13-Oct-2024 20:54:24 JST Kevin Beaumont

     in reply to

     Handala claim they used a MaxShop SMS account to send 5 million messages. Their screenshot and my translated version below. #threatintel #handala

   • Embed this notice
     ericshmeric (ericshmeric@cyberplace.social)'s status on Friday, 18-Oct-2024 06:25:15 JST ericshmeric

     in reply to

     @GossiTheDog A friend in .il said his network was hit with this wiper last week. MO seems similar to Handala's. He said the trigger was the same email from ESET and payload hosted on their infra too.

     https://forum.eset.com/topic/42733-government-backed-attackers-may-be-trying-to-compromise-your-device-email/

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 26-Oct-2024 12:08:15 JST Kevin Beaumont

     in reply to

     Obviously, Handala are awake. #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 26-Oct-2024 18:15:29 JST Kevin Beaumont

     in reply to

     Handala have deleted their previous message and replaced it with this. #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 27-Oct-2024 01:33:24 JST Kevin Beaumont

     in reply to

     Handala claim they are doing a “ultra big wipe” #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 27-Oct-2024 19:08:42 JST Kevin Beaumont

     in reply to

     Handala claim to have hacked and wiped 74 servers at AGAS - https://www.agas.co.il - an Israeli MSP, MSSP and cloud reseller.

     I’m not sure the size of the org stacks up with Handala’s claim. Also, 74 servers is not a lot.

     I’ve reached out to AGAS to see if they want to comment.

     #threatintel #handala

   • Embed this notice
     meriksson (meriksson@swecyb.com)'s status on Sunday, 27-Oct-2024 19:23:04 JST meriksson

     in reply to

     @GossiTheDog Depends on what type of servers I imagine.

     74 Windows servers with some normal stuff, not that big.

     74 ESX hosts holding thousands and thousands of VM’s, sligthly bigger of a deal.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 29-Oct-2024 02:56:15 JST Kevin Beaumont

     in reply to

     Handala claim to have released 10gb of customer data for AGAS.

     It does appear AGAS has a security incident going on. AGAS declined to comment when asked.

     #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 30-Oct-2024 20:54:34 JST Kevin Beaumont

     in reply to

     AGAS have confirmed to me they are dealing with a cyber incident from Handala. #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 30-Oct-2024 23:15:07 JST Kevin Beaumont

     in reply to

     Handala have been banned from TikTok, one day after joining. #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 30-Oct-2024 23:22:42 JST Kevin Beaumont

     in reply to

     Handala say have hacked and dumped IM Cannabis aka IMC - https://imcannabis.com/ - using their access via AGAS, their MSP.

     They also implicate another company, NDN Security - https://www.ndn-security.com/

     #threatintel #handala

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 04-Nov-2024 16:33:41 JST Kevin Beaumont

     in reply to

     Handala claims to have done a leak and wipe of Elad municipality.

     Elad's website is offline, and there's an Israeli media report of some kind of cyber incident.

     Handala typically over exaggerate data volumes exfiltrated.

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 05-Nov-2024 18:46:02 JST Kevin Beaumont

     in reply to

     Handala are again claiming to have hacked Soreq, the nuclear safety org. I have in the past confirmed Soreq had a cybersecurity incident related to Handala, via the International Atomic Agency. #Handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 06-Nov-2024 17:16:21 JST Kevin Beaumont

     in reply to

     Handala have posted photos and internal diagrams of, they claim, Shimon Peres Negev Nuclear Research Center.

     The data appears to have come from Soreq. I have confirmed Soreq was owned, via the IAEA.

     #Handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Friday, 15-Nov-2024 06:02:55 JST Kevin Beaumont

     in reply to

     A few things have happened with Handala over the past few days which I haven’t covered - they’ve been dumping cloud backup photos and making threats, including about family members. I didn’t want to cover it.

     All but one of the Handala Telegram channels has been shut down tonight.

     #Handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 24-Nov-2024 01:08:48 JST Kevin Beaumont

     in reply to

     Handala continues to be crazy town, with data dumps of what is allegedly to be SSV Network, a blockchain company.

     Handala claim they can link it (SSV Network) to Unit 8200, the Israeli intelligence agency. So far this appears to be without proof.

     I’m going to guess, based on this post, they plan to post more tomorrow about Unit 8200.

     #Handala #threatintel

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 24-Nov-2024 20:19:56 JST Kevin Beaumont

     in reply to

     So with the Unit 8200 stuff and Handala, their latest claim is they gained access to Silicom Limited (an IT services and networking company) and exfiltrated data, and that Silicom is a front company for Unit 8200.

     Presented evidence includes a video accessing an internal VMware vCentre cluster with about 50tb of storage.

     #Handala #threatintel

   • Embed this notice
     Sig. Ug. (sig_ug@infosec.exchange)'s status on Sunday, 24-Nov-2024 22:42:29 JST Sig. Ug.

     in reply to

     @GossiTheDog Do you have an opinion on whether deplatforming would dampen activity by this and similar groups? If they didn't have their Telegram channel or similar account to brag about their hacks, would they continue at the same rate?

   • Embed this notice
     Kevin Beaumont (gossithedog@cyberplace.social)'s status on Sunday, 24-Nov-2024 22:42:29 JST Kevin Beaumont

     in reply to

     • Sig. Ug.

     @sig_ug who knows. They get booted from Telegram all the time, Mossad appears to be all over Handala, Cyber Toufan and Anonymous for Justice.. but they just make new channels