Israeli research institution hit by pro-Palestinian data extortion group
According to the website of the pro-Palestinian data extortion gang known as the Handala Hack Team, the Weizmann Institute of Science, a prominent Israeli research institution located in Rehovot, was among its latest victims today.
The Weizmann Institute of Science is one of Israel’s primary research universities. Its key research focus encompasses chemistry, physics, mathematics, computer science, biology, and many other fields. This would ostensibly make the Weizmann Institute of Science its ninth Israeli-based victim.
Below is the ransom note left behind by the attackers, containing taunting and otherwise juvenile overtones, tailored to serve as a public spectacle, but also aimed to psychologically humiliate and destabilize the victim:
The ransom note does not mention any specific amount to pay but encourages the institution to initiate contact and negotiate terms by saying, “Just reach out to us.”
Handala included a link to their Telegram channel and posted samples of the allegedly stolen data siphoned from the institute, reinforcing the validity of the attack and the authenticity of the theft. Additionally, their site features a comment box, allowing both the public and the victims to communicate directly with the hackers.
Ideologically driven data theft
The origins of Handala (also known as Handala Hack) are relatively recent, emerging in December 2023, and rapidly started gaining notoriety due to a series of cyberattacks aimed at Israeli entities.
The group’s overall operational structure, from the targets it selects, how it communicates, and the kind of propaganda it spreads, is strongly indicative of a highly politicized and strategic hacktivist group. Whether ransoms are paid or not is ostensibly irrelevant because either way, Israeli companies are pierced proverbially by a double-edged sword.
Cybersecurity experts believe the group is a pro-Palestinian hacktivist collective and is responsible for several high-profile cyberattacks targeting Israeli institutions. Furthermore, the group harbors a strong parallel ideology with countries along the Mediterranean that oppose the Israeli State, many of which stand with Palestinian nationalism.
The group takes its name, “Handala,” from a well-known cartoon character created by Palestinian artist Naji al-Ali, an enduring symbol of resistance and exile within Palestinian culture.
Numbered among the group’s targets were major Israeli entities, such as the petroleum giant Delek Group and its subsidiary, Delkol. Handala claimed to have stolen over 2 TB of sensitive data and then later dumped 300,000 classified documents.
In another attack, the group targeted AeroDreams, an Argentinian drone manufacturer, which the group accused of working with the Israeli Air Force. The group exfiltrated around 400 GB of files, which included sensitive information pertaining to pilot training and drone logistics. According to reports, this attack was part of a much larger campaign to target entities linked to Israel, similar to the Delek Group.