The Israeli security establishment found itself at the center of a major cyber controversy on April 9, 2026, as the pro-Iranian hacker group Handala claimed it had breached the personal phone and digital accounts of former Israeli Defense Forces (IDF) Chief of Staff Lt. Gen. (ret.) Herzi Halevi. The group, which has been linked to Iranian intelligence operations, said it extracted more than 19,000 confidential files—including images, videos, and sensitive documents—over a years-long operation. The digital heist, which included the release of dozens of private photos and identification documents, has sent shockwaves through Israel’s security and intelligence communities, raising urgent questions about the vulnerabilities of even the most senior officials in an era of relentless cyber warfare.
Handala’s statement, posted on its website and social media, boasted of its access: “All your top-secret facilities, crisis rooms, maps, and even the tiniest details of your command centers have long been like an open book to us.” According to The Caspian Post, the group claimed that its surveillance of Halevi extended through his tenure as IDF chief of staff, from 2023 to 2025, and that it had archived “more than 19,000 confidential images and videos from the most secret meetings.” The hackers’ digital haul reportedly includes high-level military discussions, tours of classified bases, and even personal moments with Halevi’s family.
The authenticity of the breach was confirmed by an Israeli source familiar with the matter, who told CNN that the photos published by Handala were genuine. However, Halevi’s own representatives have declined to comment on the incident, maintaining official silence as the story continues to unfold. The source of the breach remains unclear, though cybersecurity experts speculate that Handala may have gained access through Halevi’s mobile phone or cloud-based accounts, where sensitive materials were likely stored. As Haaretz reported, “It is not yet clear how the group gained access to the photos, with one possibility being that Handala accessed Halevi's mobile phone or Google/iCloud account.”
The leaked materials are striking in both scope and content. They include photos of Halevi’s and his wife’s passports, images of him during visits to Israeli military facilities, and documentation of meetings with key figures such as former U.S. Central Command chief Michael Kurilla. In one undated photo, reportedly taken in Qatar, Halevi is seen in a meeting with Kurilla, with a portrait of Qatar’s emir visible in the background—a detail suggesting the meeting occurred between January 2023 and August 2025, when both men held their respective posts. Other images show Halevi touring the Sheikh Zayed Mosque in Abu Dhabi and meeting with Jordan’s military chief, Yousef Huneiti. In a video apparently filmed in Jordan, Halevi presents Huneiti with a dagger belonging to a Jordanian soldier killed in the Six-Day War of 1967.
Handala’s leak also included personal moments from Halevi’s life, such as family photos and a video showing him hiding under a piano as a woman enters his living room. The group did not shy away from threatening further disclosures, stating, “Every face, every commander, and every criminal pilot, clear and unblurred, are in our hands and will be revealed one by one when the time is right.” According to Middle East Eye, the hackers claim to have identified and archived the faces of hundreds of Israeli pilots, commanders, and security operatives, and they have threatened to publish more materials in the future.
Handala’s activities are not new. Over the past two years, the group has targeted a string of high-profile Israeli officials, including former Defense Minister Yoav Gallant, former Prime Minister Naftali Bennett, former IDF chief of staff Benny Gantz, and Tzachi Braverman, a former chief of staff to Prime Minister Benjamin Netanyahu. In late March 2026, Handala leaked personal correspondence and documents from former Mossad Director Tamir Pardo’s Gmail inbox, exposing residential addresses, phone numbers, and travel patterns. The group has also claimed responsibility for breaches of former Justice Minister Ayelet Shaked and published extensive internal police documents, intelligence, and air force officers’ identities.
Security officials in Israel have expressed growing concern over this pattern of “hack-and-leak” operations. In February 2026, the Shin Bet security service publicly explained that Iranian intelligence collects personal details to build comprehensive profiles on Israeli targets. This warning became more tangible when, on the same day as the Halevi leak, Shin Bet charged several Israeli citizens with producing explosives to assassinate a senior Israeli official and carrying out security missions for Iran. The Israeli government has repeatedly warned that such cyber intrusions are part of a broader Iranian strategy to retaliate against Israeli operations targeting Iranian officials and assets.
Handala, named after the iconic pro-Palestinian cartoon character symbolizing resistance, is widely considered a front for Iranian intelligence rather than the independent activist group it claims to be. As Haaretz noted, “Handala and several other groups are designed to appear as independent entities with varying specializations,” but their operations align closely with Iranian strategic interests. The group’s messaging often includes harsh criticism of Israeli military leaders, accusing them of war crimes and vowing to expose their actions. In the wake of the latest breach, Handala denounced Halevi, stating, “His record is stained with genocide, the massacre of civilians, indiscriminate bombings, and war crimes. Many of the brutal bombings of Gaza, targeted assassinations, and the destruction of civilian infrastructure were conducted under his direct leadership and orders.”
The broader context for these attacks is the ongoing, often invisible, cyber conflict between Israel and Iran. As Gil Messing, Chief of Staff at Check Point Software Technologies, told i24NEWS, “As in the past, the fact that there is a ceasefire in the kinetic war does not mean that the cyber war stops.” Messing also cautioned that claims of such breaches are sometimes exaggerated, and that hackers may hold on to stolen materials for months or even years before releasing them at moments of maximum impact. “There’s no reason to assume this attack happened recently—it’s quite possible they simply held onto the materials and waited for an opportune moment,” he said.
Despite the dramatic claims and the publication of dozens of photos and documents, the full extent and authenticity of the leak have not been independently verified. Israeli authorities have yet to confirm the precise scope of the breach or the methods used by the hackers. However, the incident highlights the increasing sophistication of cyber operations targeting high-level officials and the persistent threat posed by state-backed hacker groups in the region.
As Israel grapples with the fallout from this latest digital incursion, the episode serves as a stark reminder that, in today’s world, the frontlines of conflict are as likely to be digital as physical. The story of the Handala breach is far from over, and its implications for Israeli security—and for the broader Middle East cyber landscape—will likely reverberate for months to come.