Iran-linked hacking group thrusts Israeli defence supplier into cyber spotlight

An Iran-linked hacking group has claimed it breached PSK Wind Technologies, an Israeli defence supplier that says it develops command-and-control shelters, communications systems and other integrated solutions for defence and homeland security customers. Material circulated online on 2 April was presented by the group, Handala, as proof of a deep intrusion into a company tied to sensitive military infrastructure. Independent verification of the full scope of the claimed breach, however, remained limited at the time of writing.

The claim has drawn attention because PSK is not an obscure industrial subcontractor. On its website, the company describes itself as a developer and manufacturer of defence solutions built around communications systems, advanced monitoring systems, command-and-control shelters and ground control stations. A 2022 market announcement linked to MTI Wireless Edge’s acquisition of a majority stake in PSK said the company serves government and defence industry customers on strategic projects and employs staff with high security clearances in Israel.

Handala’s allegation was amplified by cyber-focused outlets and regional media, which said the hackers had released sensitive files connected to Israeli military systems. Yet the available public reporting stops short of establishing, with documentary certainty, exactly what was taken, whether the data are authentic in full, and what operational effect the intrusion may have had on Israeli military networks themselves. That distinction matters in cyber conflict, where leak campaigns are often designed not only to steal intelligence but also to shape perception, unsettle targets and magnify political pressure.

Cybersecurity researchers have for months warned that Handala is more than an online nuisance brand. Check Point Research said in March that “Handala Hack” is an online persona operated by Void Manticore, also known as Red Sandstorm and Banished Kitten, an actor it linked to Iran’s Ministry of Intelligence and Security. According to the researchers, the group combines intrusion, data theft, public leaking and destructive wiping techniques, and has shown a preference for hands-on operations inside victim networks rather than purely automated campaigns.

That assessment has been reinforced by action from United States authorities. On 19 March, the Justice Department said it had disrupted Iranian cyber-enabled psychological operations associated with Handala after the persona claimed a destructive malware attack on a US-based medical technology firm on 11 March. Reuters later reported that the group restored its web presence after domain seizures, underlining how quickly such actors can reconstitute infrastructure even after law-enforcement action.

Handala has also stayed in the headlines through other high-profile claims. Reuters and the Associated Press reported in late March that the group claimed responsibility for breaching the personal email account of FBI Director Kash Patel, releasing historical emails and photographs. The FBI confirmed the compromise of Patel’s personal account, while saying the exposed material was old and not tied to government business. Reuters also said experts viewed the activity as part of a broader Iranian effort to embarrass and intimidate opponents through public cyber operations.

Set against that backdrop, the PSK case fits a pattern that worries military planners far beyond Israel. Rather than going directly after a heavily defended armed-forces network, an attacker may gain leverage by hitting vendors, engineers, logistics providers or software and communications contractors embedded in the wider defence supply chain. If the claim against PSK proves substantially accurate, it would highlight the continuing vulnerability of support companies whose systems may hold design data, maintenance records, network diagrams or operational correspondence that are useful even without a direct breach of frontline military platforms.

The broader lesson is that cyber conflict in the Middle East is increasingly being fought through layered campaigns where symbolic effect and technical intrusion work together. A leak attributed to an Iran-linked actor can serve several purposes at once: gathering intelligence, testing defences, embarrassing a rival, warning contractors, and signalling reach to foreign adversaries. Even when the public evidence remains incomplete, such claims force governments and companies into time-consuming incident response, verification and damage assessment.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

