Handala’s digital storm topples US-Israeli cyber supremacy
TEHRAN – For decades, the U.S. and Israel have sold the image of their cyber defenses as an absolute fortress, a multi-billion-dollar architecture designed to ensure that while American and Israeli forces struck the region, they themselves would remain untouchable behind layers of code.
That illusion has evaporated. At the center stands Handala, a hacking collective named for Naji al-Ali’s iconic refugee child who turns his back on an unjust world. Today, that child is fighting.
Since the commencement of the recent U.S.-Israeli war on Iran, Handala has evolved into a strategic front of the Axis of Resistance, proving that empires built on technological hubris are far more fragile than their marketing suggests.
Blood debts and the Stryker wipeout
When American-made munitions turned an Iranian elementary school in Minab into a graveyard, killing 120 children and dozens of school staff in a single afternoon, the Resistance’s retaliation extended far beyond the front lines. They ensured the cost was also extracted in the West’s most precious currencies: digital sovereignty and military intelligence.
A few days after the massacre, Handala delivered a masterclass in asymmetric retaliation. Targeting the Stryker Corporation, a technology giant deeply entwined with the Pentagon, the group bypassed traditional malware.
They also hijacked Microsoft Intune administrative credentials to remotely wipe 200,000 devices across 79 countries.
Factories stalled, logistics networks evaporated, and a $25 billion pillar of the military-industrial complex ground to a halt. The message across the dark screens of Stryker’s global offices was clear: “Betrayal of the oppressed yields only disgrace.”
Dismantling Israel’s brain trust
For years, Handala sat silently within the Institute for National Security Studies (INSS), the primary think tank of Israeli intelligence. When the floodgates opened, 66,000 emails from former intelligence chief Tamir Hayman and 55,000 from analyst Raz Zimmt spilled into the public domain.
These were a roadmap of the regime’s anxieties, revealing failed defense strategies and the internal realization that the resistance had achieved parity.
The humiliation climbed straight to the top. In December 2025, Handala breached former Prime Minister Naftali Bennett’s iPhone 13 in “Operation Octopus,” leaking contact lists with senior officials, internal communications, sensitive documents, and personal family photos. Bennett himself was forced to admit the compromise.
This was followed by the April exposure of former military chief Herzi Halevi. Among the 19,000 files was the viral clip of him hiding beneath a piano during a missile alert. It shattered the myth of unshakable military leadership, revealing instead a command paralyzed by private fear. The leak also included images of Halevi meeting Arab officials, including a photo from Qatar showing him alongside former U.S. CENTCOM commander Michael Kurilla beneath a portrait of Emir Tamim bin Hamad Al Thani.
These high-profile breaches built upon years of earlier penetrations that had already shredded Israel’s elite circles: over 110,000 emails from Ehud Barak, nearly 50,000 from Gabi Ashkenazi, and more than 100,000 sensitive files from the Israel Police.
No sanctuary for the aggressors
The digital battlefield has now moved from servers into the pockets of those waging the war. In an operation that sent shockwaves through the Pentagon, Handala exposed the identities and personal data of 2,379 U.S. Marines alongside tens of thousands of Navy personnel stationed across the Persian Gulf.
Thousands of American service members received chilling WhatsApp messages: “Say goodbye to your families; our missiles have your coordinates.” This personalized psychological warfare forced U.S. bases into immediate lockdowns.
Even the FBI was not spared; shortly after the U.S. government seized Handala’s domains, the group retaliated by breaching the personal Gmail of FBI Director Kash Patel, mocking the agency’s inability to protect its own chief while it hunts ghosts in the machines.
The reach of the collective has expanded to include regional enablers. The UAE’s Port of Fujairah, a critical fuel hub for the U.S. fleet, saw 11,000 sensitive documents leaked, while Dubai’s judicial and transport authorities lost petabytes of data in a massive purge.
From the blueprints of the Iron Dome exfiltrated from PSK Wind Technologies to the personal files of former U.S. envoy Robert Malley, the message remains consistent: there is nowhere left to hide.
In an era of hybrid conflict, Handala demonstrates how determined actors can impose lasting costs, amplify resistance voices, and keep the spirit of defiance alive.