November 26, 2025 2 Minute Read

The Handala hacker group has recently published a list of Israeli high-tech and aerospace professionals, accompanied by aggressive, misleading descriptions labeling them as criminals. Most of the data appears to have been scraped from LinkedIn, with no evidence of wrongdoing by the individuals. Some entries remain unverified, raising further questions. This activity represents a serious risk of cyber intimidation and emphasizes the need for vigilance and protective measures for those targeted.

Handala’s Publication

Figure 1. A post published on Handala’s webpage.

During our ongoing dark web monitoring of cyber activity, a recent publication by the Handala hacker group was identified, targeting individuals associated with Israel’s high-tech and aerospace sectors. The group accompanied the release with unpleasant descriptions, labeling these individuals as criminals. The group released a list of supposed Israeli professionals and publicly offered a financial reward for any additional personal information about them.

Figure 2. Some of the specialists featured on Handala’s post.

This escalation is concerning, as it highlights a serious shift from general propaganda and accusing to active attempts at doxxing and intelligence collection against private-sector employees.

Figure 3. Handala’s statement promising a reward for information on one of the featured specialists on its post.

During our analysis of the Handala hacker group’s recent activity, it became evident that the dataset they published appears to rely heavily on publicly available professional information, most likely scraped from LinkedIn.

However, the entries contain notable inconsistencies: some individuals left their companies years ago; others do not hold senior or technically sensitive roles, and a few have no clear connection to the high-tech sector at all. Several profiles could not be traced or verified, raising concerns that some identities may be fabricated, placeholders, or drawn from unverifiable sources.

These discrepancies suggest that the group may be supplementing LinkedIn scraping with manipulated data or simply assembling a list with little regard for accuracy. Regardless of the exact method, the indiscriminate collection and framing of ordinary professionals as targets, paired with hostile incentives for additional information, signals a serious escalation in geopolitically motivated doxxing.

Such actions pose a direct risk to the privacy, safety, and reputations of legitimate workers and illustrate how publicly available data can be weaponized to intimidate or socially engineer individuals at scale. It underscores the importance of notifying affected persons where possible, monitoring for further targeting, and recognizing that similar tactics could easily be directed at individuals in other countries, potentially endangering innocent people and disrupting their professional and personal lives.

Conclusion

The Handala hacker group’s recent activity underscores a troubling trend in geopolitically motivated cyber operations: the targeted collection of personal and professional data to publicly discredit or intimidate legitimate workers.

While this campaign focused on high-tech professionals in Israel, similar tactics could easily be applied to individuals in other countries, turning publicly available information into a weapon to damage reputations, sow distrust, or even incite harassment.

This type of activity demonstrates the need for heightened awareness, robust personal data hygiene, and proactive monitoring, as such campaigns can unfairly endanger ordinary individuals who have no connection to the alleged issues, disrupting both professional and personal lives.

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from LevelBlue.