Iranian hacker group targets Israeli kindergartens' PA systems

An Iranian-linked cyberattack targeted kindergartens in Israel on Sunday, disrupting public address (PA) systems and infiltrating emergency systems in at least 20 locations by exploiting vulnerabilities in a private company's infrastructure.

Handala, an Iranian cyber group linked to Iran’s Ministry of Intelligence (MOIS), claimed responsibility for the attack on its Telegram channel.

Additionally, the group used another system belonging to the same company to send tens of thousands of threatening text messages to Israeli citizens.

Israel's National Cyber Directorate confirmed the breach and is working with the affected company and the Ministry of Education to address the situation.

"Citizens who received these messages are advised to block the sender and disregard the message, as it poses no harm to mobile devices," the directorate said.

Kan, Israel's public broadcaster, reported that the affected systems have now been disconnected from the wider network, with the unnamed private company responsible for the compromised units saying that it is taking steps to resolve the issue and enhance its security measures.

Last April, a day after Iran's first-ever direct military strike against Israel, the Iranian-linked hacker group Handala claimed to have breached Israel's radar systems and sent hundreds of thousands of threatening text messages to Israeli citizens.

In September, the group claimed it had successfully breached the Soreq Nuclear Research Center, alleging the theft of 197 gigabytes of data.

The hackers also published around 30 photos they claimed were taken inside the center, along with screenshots allegedly showing the names of nuclear scientists involved in the facility's particle accelerator project.

In response, the Israeli prime minister's office, speaking on behalf of the Israel Atomic Energy Commission, denied the authenticity of the images. "Following a thorough examination, the images and blueprint do not belong to any of its facilities," the statement said.

According to cybersecurity expert Nariman Gharib, the group Handala Hack, Karma Below and Homeland Justice were created and are operated by a cyber unit within the counter-cyber threat division (CT) of Iran's Ministry of Intelligence's internal security department, specifically for advertising purposes.

Microsoft released a report last year which said that since the Gaza war, Iran "surged its cyber, influence, and cyber-enabled influence operations against Israel".

"From October 7, 2023, to July 2024, nearly half of the Iranian operations Microsoft observed targeted Israeli companies," said the Microsoft Digital Defense Report.

The US software giant's report in October said that from July to October 2023, only 10 percent of Iranian cyberattacks targeted Israel, while 35 percent aimed at American entities and 20 percent at the United Arab Emirates.

However, the war has seen a spike in cyber attacks on Israel alongside attacks by Iran's military allies against the Jewish state.

"Within two days of Hamas' attack on Israel, Iran stood up several new influence operations," Microsoft said.