Iranian Cyber Group Handala Targets US Troops in Bahrain

Handala, an Iran-linked threat actor, has targeted US troops in Bahrain via WhatsApp influence messages claiming the service members are under surveillance and threatening attacks with Shahed drones and Kheibar and Ghadeer missiles. The group—linked to Iran’s Ministry of Intelligence and Security and tied to incidents like the disruptive Stryker attack and the publication of 2,379 US Marine Corps records—uses custom malware, multiple wipers and Telegram-based C2 for intelligence and influence operations.

Key points

  • Handala sent WhatsApp messages to US troops in Bahrain claiming surveillance and imminent drone and missile attacks.
  • The group published personal information of 2,379 US Marine Corps members and boasted about the leak on Telegram.
  • U.S. authorities link Handala to Iran’s Ministry of Intelligence and Security (MOIS) and note the group has operated under many aliases since at least 2008.
  • Handala claimed responsibility for a disruptive attack on Stryker, alleging the wiping of over 200,000 systems via compromised Microsoft Intune credentials.
  • The actor employs custom malware, commercial tools, social engineering, multiple wipers (BiBi Wiper, CoolWipe, ChillWipe, Hamsa, Hatef), and the Telegram Bot API for C2.

Read More: https://www.securityweek.com/iranian-cyber-group-handala-targets-us-troops-in-bahrain/