This post is also available in:
עברית (Hebrew)
Cyber operations are increasingly becoming a parallel front in modern conflicts, where disruption, data exposure and psychological impact can accompany or even replace traditional battlefield actions. A recent campaign attributed to the Handala Hack Team illustrates how such tactics are evolving, combining data breaches with destructive attacks and coordinated messaging.
The group has claimed to have obtained and published more than 100,000 personal emails linked to a former senior Israeli intelligence official. According to Cyber News, the data was made available through a leak site along with sample documents, including what appear to be official records and correspondence covering several years. The content reportedly includes discussions on regional security issues and internal assessments.
At the same time, the same actor has been linked to a separate cyber incident targeting a large medical technology company. In that case, the group claimed to have carried out a wiper-style attack designed to erase data at scale. The company later stated that the incident had been contained and recovery efforts were underway, suggesting that defensive measures were able to limit operational damage.
From a technical perspective, the campaign reflects a combination of intrusion methods and post-breach tactics. Hack-and-leak operations focus on extracting sensitive information and releasing it publicly to generate pressure or influence perception. Wiper attacks, by contrast, aim to destroy data and disrupt systems, often using legitimate software tools within the compromised environment.
Security researchers associate the group with a broader network of threat actors known for combining these techniques. Their operations often target sectors such as government, finance, education and healthcare, indicating a focus on both symbolic and operational impact.
For defense and homeland security organizations, such campaigns highlight the need to address both cyber resilience and information exposure. The release of sensitive communications can have strategic implications beyond immediate technical damage, affecting decision-making processes and public perception.
As cyber operations continue to develop, the integration of data theft, system disruption and information dissemination is becoming more common. This approach allows attackers to amplify the effect of a single intrusion, turning technical access into broader influence across multiple domains.
