Digital Crosshairs: Iran-Linked “Handala” Group Offers $30K Bounties for Israeli Engineers

A new wave of pressure targeting Israeli professionals linked to the defense sector has moved beyond conventional cyberattacks and into the realm of personal intimidation. A group allegedly connected to Iran has shifted its tactics toward public doxxing and cash bounties for information about specific individuals.

According to The Jerusalem Post, the hacker collective known as “Handala” has announced rewards of up to $30,000 for information on more than a dozen Israelis it describes as developers and engineers involved in the Patriot, Arrow, and David’s Sling air defense systems. The group has already published personal details of its targets on its platforms, including photographs and contact information, accompanied by explicit threats. While the newspaper notes that it cannot independently verify the accuracy of all the disclosed data, the materials have already spread widely across Arabic-language media outlets and Telegram channels, including some affiliated with Hamas.

The disclosures are part of a broader campaign dubbed “RedWanted,” under which new lists of allegedly defense-related Israelis are released every Saturday. Earlier installments included larger, more indiscriminate compilations—for example, naming supposed members of Unit 8200—with individual bounties in some cases set at $10,000 for information on a person’s whereabouts or activities. The report emphasizes that the campaign’s website hosts personalized threats and employs an interface deliberately designed to incite harassment, even overlaying crosshairs on photographs when users hover over them.

The article also places these actions in the context of Handala’s previous operations. The group has been linked to Iranian intelligence services; the Jerusalem Institute for Strategy and Security has stated that Iran has been using Handala at least since late 2023. Among the incidents attributed to the group is a January 2025 attack on Israeli kindergartens, during which alert systems were disrupted at approximately 20 locations.

On August 22, 2025, Handala claimed responsibility for breaches of several Israeli organizations, including the Weizmann Institute and a number of commercial companies. In September 2025, Canada’s Rapid Response Mechanism (RRM Canada) reported a “hack-and-leak” campaign targeting journalists from Iran International, noting that the dissemination of stolen data was further amplified through the use of multiple AI chatbots.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy