An Iranian hacker group is reported to have carried out a major data hack affecting several Israeli security agencies.
The resulting data leak is said to contain a large amount of sensitive information, such as personal data and classified documents, and could have far-reaching consequences for Israel’s continued security efforts.
The Iranian hacker group, Handala, allegedly broke into the Israeli Defense Forces’ SSV network, an advanced blockchain system reportedly used by Mossad to finance covert operations abroad.
Iranian hackers breach the Israeli Mossad’s SSV blockchain network and expose sensitive intelligence data
The Handala group managed to hack the SSV blockchain and obtain what they say is 8 terabytes of data, some of which exposes classified Unit 8200 documents. It alleged that… pic.twitter.com/2942IFyG9e
— MintPress News (@MintPressNews) November 20, 2024
The breach reportedly resulted in the hackers gaining access to large amounts of data, including identity documents, contracts, emails and logs from the network’s nodes and clusters. According to the Indian newspaper Republic World, citing Iranian sources, the data leak is estimated to be around 8 terabytes.
The material is also said to include developers’ identities, know-your-customer documents and the network’s source code, which could mean that the entire security structure and functionality of the network may have been exposed.
The SSV blockchain network has been promoted as extremely secure in the past, and it is said that Mossad previously promised a million dollars to anyone who manages to identify vulnerabilities in the protocol. It is unclear at this point whether this offer still stands, and if so, whether the Iranian hackers might claim the reward.
Among the verified details from the list of leaked data, Colonel Moshe Tetro’s personal details appear to be included. Tetro, who heads the COGAT Coordination and Liaison Administration for Gaza, has previously stated that he believes that “there is no humanitarian crisis” in Gaza, claiming that “tens of trucks loaded with food” reach the area every day.
The current data leak comes at a time when Israel has already been rocked by reports of a previous leak of sensitive documents, which took place in early September this year. According to Le Monde, it involved information that allegedly hampered ongoing operations in Gaza, including efforts to free Israeli hostages. Prime Minister Benjamin Netanyahu has been linked to the leak, which has drawn strong criticism in Israeli security circles, where there have been warnings that such incidents could have serious consequences for the country’s security.
Ongoing cyber warfare
The alleged hacking can be seen as part of an ongoing “cyber war” that is playing out in parallel with the physical tensions between Israel and its adversaries in the region, particularly Iran and Lebanon. Unit 8200, Israel’s signals intelligence unit, has played a central role in several of the country’s most high-profile cyber operations. It was a key player in the development of the Stuxnet virus, which was used to sabotage Iran’s nuclear program, and has also carried out operations targeting Hezbollah’s communications infrastructure in Lebanon.
Recently, Prime Minister Benjamin Netanyahu confirmed that Israel was behind an attack that targeted Hezbollah’s paging network with explosive devices, causing widespread destruction. Theories have been put forward that this operation may also have involved Unit 8200, but there is no official confirmation of its role in this particular case.
The unit’s possible connection to the hacked SSV protocol is also unclear. The protocol has reportedly been used by Mossad for covert operations, but it is not established whether Unit 8200 was involved in its development or operation. At the same time, the leak has raised allegations that some of the exposed documents contain classified information linked to Unit 8200, raising questions about its role in the network.
The Israeli authorities have not yet commented on the details of the alleged data leak. If the breach turns out to be as extensive as reports suggest, it could seriously undermine Israel’s ability to protect sensitive information and potentially jeopardize ongoing intelligence operations, as well as erode confidence in the country’s security infrastructure.
Handala is a hacker group that has been active since December 2023, targeting Israel's critical infrastructure and security agencies. The group uses a variety of methods, including phishing campaigns, ransomware attacks and defacing websites, and aims to strike sensitive targets in Israel. Handala has expressed support for Hamas and the Palestinian resistance movement.
The group communicates and organizes its operations through platforms such as Telegram, BreachForums and Tox. Among their more high-profile actions is an alleged breach of the Israeli podcast network "Doscast", where they claim to have obtained 3 million data records from over 100,000 users. They have also claimed responsibility for cyber-attacks against Israeli citizens, particularly through phishing methods, and openly challenged Israel's National Cyber Security Directorate through provocative statements.
Unit 8200 is a central signals intelligence unit within the Israel Defense Forces, responsible for signals intelligence (SIGINT) collection and codebreaking. Established in 1952, the unit plays a crucial role in Israel's intelligence activities and is comparable to the US National Security Agency (NSA). It is part of the military intelligence directorate Aman. According to a leaked NSA report published by The Guardian in 2013, Unit 8200, known as ISNU, has been given access to raw, unfiltered data on US citizens as part of a secret cooperation agreement with the NSA.
Unit 8200 is the largest unit in the Israel Defense Forces and consists of several thousand soldiers, mostly aged 18-21. It is known for its ability to adapt quickly to technological changes and for recruiting individuals with high technical skills. Many of its former members have gone on to found or hold senior positions in international IT companies, particularly in Silicon Valley.
The unit's activities include covert operations, cyber warfare, counterintelligence and surveillance. It has been involved in several high-profile cyber operations, including the development of the Stuxnet virus used to sabotage Iran's nuclear program. The unit has also been linked to cyber attacks against Hezbollah's communications network.
Despite its significant role in Israel's security apparatus, much of Unit 8200's activity is shrouded in secrecy, and details of its operations and structure are rarely publicly available.