Threat actor Handala infiltrated Iran International's WhatsApp and internal systems, revealing only a fraction of the extensive access it gained over 31 months. The breach underscores a long-term malicious presence impacting #Iran.
Incident Details
- Victim: Iran Internation WhatsApp and Internal Access
- Country:
- Actor: handala
- Source: http://vmjfieomxhnfjba57sd6jjws2ogvowjgxhhfglsikqvvrnrajbmpxqqd.onion/?p=450
- Discovered: 2025-07-09 08:50:28.528839
- Published: 2025-07-09 08:49:58.453535
Information
- Targeted Iran International's WhatsApp and internal access.
- Actor identified as Handala.
- What has been revealed is only the tip of the iceberg, indicating deeper infiltration.
- It was assumed that only Telegram was compromised, but the attackers had established a persistent presence beneath the surface.
- The attack lasted for over 31 months, without a single night or season of interruption.

Disclaimer: This post is based on public claims made by the ransomware group "handala". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.