Threat IntelligenceEmerging Threats

Handala's Israeli Radar Claim Sparks Skepticism

Analyst 207||Source: SecurityMag
Radar system installed on a raised platform in a desert landscape under a clear blue sky.

At stake for Israel, Iran and the wider cyber community is whether the Iranian-linked hacker group Handala in fact disrupted Israeli radar systems on the same day the two countries exchanged missile fire — a claim that, as of publication, rests on Handala’s Telegram posts and a skeptical assessment by SOCRadar.

What Handala publicly claimed

Handala announced on its Telegram channel that it had launched a "widespread and targeted" disruption to Israeli radar systems on the day Israel and Iran traded missile fire, the first such exchange since a ceasefire two months earlier. The group posted screenshots in support of its claims, and also asserted access to systems tied to the Kfar Yona Municipality.

SOCRadar’s five reasons for skepticism

Security researchers at SOCRadar published a skeptical appraisal of Handala’s announcement and listed five specific reasons to doubt that Israeli radar systems were compromised:

  • Evidence shared does not support the claim: SOCRadar said the screenshots on Handala’s Telegram channel are inconsistent with access to a military radar system and instead suggest compromise of a municipal phone system.
  • The claim comes wholly from one side of an active conflict: SOCRadar noted that no other sources have corroborated Handala’s assertion.
  • There has been no response from Israel: According to SOCRadar, neither the Israel National Cyber Directorate, the IDF, nor the Israeli media have acknowledged the claim — a pattern the researchers said aligns with how the nation has handled previous statements from Handala.
  • The timing and language indicate potential propaganda: SOCRadar observed that making such a claim during missile strikes presents, narratively, Israel’s defenses as weakening from physical and cyber fronts at once.
  • Handala’s prior fabrications: SOCRadar recalled that Handala has previously been caught fabricating evidence for claims.

What the posted screenshots actually suggest

SOCRadar’s analysis focuses squarely on the artefacts Handala published. Rather than showing imagery or telemetry consistent with military radar systems, SOCRadar said the screenshots align with access to a municipal phone system and the group’s own statements about Kfar Yona Municipality. That distinction is central to the dispute over whether any critical national air-defence capability was affected.

Silence from official Israeli channels

SOCRadar reported no public acknowledgement from the Israel National Cyber Directorate, the IDF, or Israeli media about a radar compromise. The researchers explicitly linked that silence to past handling of Handala’s statements, implying a consistent posture by Israeli authorities of not publicly confirming or denying such claims in the immediate aftermath.

How technologists, municipalities and adversaries are likely to respond

Technologists and security teams will scrutinize the screenshots and any associated indicators for forensic signals that distinguish a municipal telephony compromise from a military radar intrusion; SOCRadar’s point about the screenshots’ content gives them a concrete analytic thread to follow.

Municipal leaders and local IT operators — exemplified by the Kfar Yona Municipality named in Handala’s posts — have reason to examine telephony and municipal service logs for unauthorized access, since the publicly shared artefacts are more consistent with those systems than with radar arrays.

Adversaries and threat actors, including Handala itself, will likely continue to use timing and rhetorical framing as a force multiplier: SOCRadar flagged the group’s choice to announce a cyber disruption on the same day as missile exchanges as a move with propagandistic effect.

Conclusion

The current record, as set out by Handala’s Telegram posts and SOCRadar’s public analysis, draws a sharp line between what was claimed and what the published evidence appears to show: screenshots and municipal-access indicators on one hand, an uncorroborated assertion of radar disruption on the other. With no independent corroboration and no acknowledgement from the Israel National Cyber Directorate or the IDF, the claim remains contested. The concrete question the facts leave open is simple: will independent forensic verification or an official response emerge that ties the published artefacts to radar systems rather than municipal telephony?

Source: SecurityMagazine — Did Handala Disrupt Israeli Radar Systems?

Cyber EspionageEmerging ThreatsIranIsraelNation-StateHandalaTelegramRadar SystemsHacker GroupsSocradar
Related Intelligence

Continue Reading

Laptop and workstation setup with a blank screen amidst a clean environment.

Shai-Hulud Malware Targets Python Packages, Exposes Developer Secrets

Hundreds of thousands of downloads of 19 popular Python packages were compromised in a massive supply-chain attack that stole developer secrets, courtesy of the Shai-Hulud malware. The malicious packages, disguised as useful bioinformatics and science tools, were actually designed to expose sensitive information.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit institutional server room with a cityscape visible…

IBM, AT&T Face Allegations of Concealing Data Breaches

A shocking lawsuit alleges that tech giants IBM and AT&T may have concealed massive data breaches, with Chinese hackers reportedly infiltrating IBM's network over 56,000 times between 2013 and 2016. The allegations, made by a former IBM vice president, claim the company knowingly kept the breaches under wraps.

Analyst 207
Smartphone displaying WhatsApp conversation with suspicious link on a clean, minimalist surface.

WhatsApp Disrupts NSO Group's Spyware Phishing Campaigns

Meta's WhatsApp team swiftly sprang into action, disrupting a sophisticated spyware phishing campaign linked to the NSO Group after investigating user reports of targeted social-engineering attacks. They successfully stopped the attackers' attempts to trick people into clicking malicious links that could have put their data at risk.

Analyst 207
Person browsing on a laptop in a busy coffee shop with blurred background.

China Exploits Job Sites for Spying on Five Eyes Targets

Be cautious on job sites - Chinese spies are posing as recruiters on LinkedIn, Indeed, and Upwork to trick Five Eyes targets into divulging sensitive information. They're using clever social engineering tactics to make their scams seem all too believable.

Analyst 207