Handala, an Iran-linked threat actor, this week targeted US troops in Bahrain in an influence campaign carried out on WhatsApp. The messages, signed "Handala", claimed that service members were under surveillance and would soon be targeted by Shahed drones and Kheibar and Ghadeer missiles. According to SOCRadar, Handala has boasted on its Telegram channel about publishing the personal information of 2,379 US Marine Corps members stationed in the Persian Gulf, a move tied to the broader campaign.
The group, also tracked under several aliases including Handala Hack and Banished Kitten, has been active since at least 2008 and has previously targeted Israeli organisations, among other victims. In past messaging, Handala claimed to have wiped out over 200,000 systems using compromised administrator credentials in Microsoft Intune. It has also claimed to have hacked FBI Director Kash Patel’s personal Gmail account, for which the US later posted a $10 million reward for information leading to arrests.
The US Navy warned about Iran’s influence campaigns earlier this month. Handala leverages wipers and the Telegram Bot API for command-and-control, and the campaign illustrates a shift toward direct threats to military personnel.