“Handala Hack” – Unveiling Group’s Modus Operandi

Handala Hack, an Iranian state-linked threat group, continues to execute rapid, hands-on destructive attacks against high-profile targets using a blend of persistent credential theft, lateral movement via RDP and tunneling tools, and simultaneous deployment of multiple wipers, now enhanced with AI-assisted scripting and legitimate encryption utilities to maximize operational impact and complicate recovery.