Handala post-ceasefire retaliatory cyberattack campaign targeting the U.S. and Israel
Campaign
Summary
Hide ▲
Show ▼
Handala and other pro-Iranian hackers are keeping a retaliatory cyber campaign active after the ceasefire announcement, leaving U.S. and Israeli targets at ongoing risk. Handala said it would temporarily pause attacks on the U.S. while continuing to target Israel, and it vowed to resume pressure on America later. The stance signals that the conflict-linked hacking effort is not ending with the truce and may expand again if hostilities intensify.
Related Happenings
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector Action
First: 07.05.2026 13:57
Last: 07.05.2026 13:57
Sources 1
About this happening:
**CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
Iranian-linked PLC targeting campaign against U.S. critical infrastructure
Campaign
First: 07.04.2026 21:02
Last: 07.04.2026 21:02
Sources 1
About this happening:
Iranian-linked hackers are actively targeting **Internet-exposed Rockwell/Allen-Bradley PLCs** on **U.S. critical infrastructure** networks, increasing the risk of operational dis...
Iranian-linked PLC targeting campaign against U.S. critical infrastructure
CampaignAbout this happening: Iranian-linked hackers are actively targeting **Internet-exposed Rockwell/Allen-Bradley PLCs** on **U.S. critical infrastructure** networks, increasing the risk of operational dis...
Iranian MOIS Telegram malware campaign targeting opposition groups
Campaign
First: 23.03.2026 11:45
Last: 23.03.2026 11:45
Sources 1
About this happening:
The **FBI** warned that **Iranian MOIS-linked hackers** are using **Telegram C2** and **social engineering** to deliver **Windows malware** against journalists, dissidents, and ot...
Iranian MOIS Telegram malware campaign targeting opposition groups
CampaignAbout this happening: The **FBI** warned that **Iranian MOIS-linked hackers** are using **Telegram C2** and **social engineering** to deliver **Windows malware** against journalists, dissidents, and ot...
Middle East retaliatory hacktivist DDoS campaign
Campaign
First: 04.03.2026 19:21
Last: 04.03.2026 19:21
Sources 1
About this happening:
A **retaliatory hacktivist DDoS campaign** has surged across the **Middle East**, creating broad disruption risk for **government** and **public-infrastructure** targets. Research...
Middle East retaliatory hacktivist DDoS campaign
CampaignAbout this happening: A **retaliatory hacktivist DDoS campaign** has surged across the **Middle East**, creating broad disruption risk for **government** and **public-infrastructure** targets. Research...
Middle East hacktivist surge targets government, banking, aviation and telecom sectors
Target Trend
First: 02.03.2026 17:00
Last: 02.03.2026 17:00
Sources 1
About this happening:
**More than 150 hacktivist incidents** were recorded between **February 28 and March 1, 2026**, marking a sharp surge in **Middle East** targeting that raised spillover risk for o...
Middle East hacktivist surge targets government, banking, aviation and telecom sectors
Target TrendAbout this happening: **More than 150 hacktivist incidents** were recorded between **February 28 and March 1, 2026**, marking a sharp surge in **Middle East** targeting that raised spillover risk for o...
Timeline
-
09.04.2026 04:22 2 articles · 1mo ago
Handala post-ceasefire retaliatory cyberattack campaign targeting the U.S. and Israel
Initial DisclosureAfter the ceasefire announcement, **Handala** narrowed its immediate focus to **Israel** while putting U.S. attacks on hold. The shift preserved retaliatory pressure and framed the campaign as a continuing conflict tool rather than a finished operation.
Show sources
- Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long — www.securityweek.com — 09.04.2026 04:22
- Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long — www.securityweek.com — 09.04.2026 04:22