Iranian Hackers Breach Former IDF Chief's Personal Data, Leak 19,000 Files
Severity: High (Score: 76.0)
Sources: Intellinews, Haaretz, Middleeasteye
Summary
On April 9, 2026, the Iranian-linked hacking group Handala announced it had breached the personal devices of former Israeli Chief of Staff Herzi Halevi, leaking over 19,000 sensitive files. The leaked materials include private photos, videos, and documents from Halevi's phone, showcasing meetings with Arab officials and U.S. military leaders. Handala claimed to have maintained access to Halevi's system for years, suggesting a long-term infiltration. The leaked content also features personal details, including family photos and ID documents. This incident marks a significant escalation in cyber operations targeting Israeli security officials, following previous leaks involving other high-ranking figures. The Shin Bet has raised concerns over Iran's intelligence-gathering efforts, which have resulted in espionage charges against several Israeli citizens. The IDF has not publicly commented on the breach, which is seen as one of the most severe cyber incidents involving a senior figure in Israel's military. Handala has previously targeted various Israeli officials, indicating a pattern of state-sponsored cyber operations.
Key Points
- Handala leaked over 19,000 files from former IDF Chief of Staff Herzi Halevi's personal devices.
- The leaked materials include sensitive military documents and personal information.
- This incident highlights ongoing Iranian cyber operations against Israeli security officials.
Key Entities
- Handala (apt_group)
- Data Breach (attack_type)
- Malware (attack_type)
- Stryker Corporation (company)
- Google (company)
- Iran (country)
- Israel (country)
- Qatar (country)
- United States (country)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1485 - Data Destruction (mitre_attack)
- T1567 - Exfiltration Over Web Service (mitre_attack)
- iCloud (platform)
- Telegram (platform)
- Microsoft Intune (platform)