◇ Industry News & Leadership May 03, 2026

Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats

Graham Cluley. Archived May 03, 2026.

US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. Read more in my article on the Hot for Security blog.



Graham Cluley, April 30, 2026

US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes.

The messages, which began arriving on Monday, came signed by the Iran-linked Handala hacking group, which has spent much of 2026 attacking US and Israeli targets.

According to media reports, messages sent to marines at Naval Support Activity Bahrain read:

"Your identities are fully known to our missile units, and every move you make is under our surveillance. Very soon, you will be targeted by our Shahed drones and Kheibar and Ghadeer missiles… We suggest you call your families now and say your final goodbyes."

The messages reportedly arrived from a Bahraini phone number registered to a local business - most likely because it had been spoofed or hijacked.

A day later, the Handala hacking crew took to its Telegram channel to announce that it had published the names and phone numbers of 2,379 US Marines stationed in the Persian Gulf. The group also boasted that it knows the home addresses and family details, as well as daily commutes, shopping habits, and "nightly leisure activities" of tens of thousands of US military personnel in the region.

Handala, which first surfaced in late 2023, presents itself as a pro-Palestinian hacktivist group. The US Department of Justice, however, publicly identifies it as a cover operation for Iran's Ministry of Intelligence and Security.

In recent months the group has been very active, with a highly-publicised attack on US medical technology firm Stryker which saw tens of thousands of devices wiped, as well as the breach of FBI Director Kash Patel's personal Gmail account.

Handala's claims cannot be taken completely at face value. There is a long history of state-sponsored hacking groups recycling old breaches, padding leaks with publicly-available information, and presenting incidents as an intelligence coup.

In short, it is quite possible that what Handala "knows" about the US Marines was scraped from data brokers and social media rather than gathered recently from secure systems.

But that doesn't change the fact that the point of a campaign like this is to scare and destabilise members of the US armed forces. If a Marine receives a WhatsApp message naming them and threatening their family, it does not really matter where the data came from.

In short, hackers, whether targeting regular members of the public or the armed forces, will often try to short-circuit your judgement and fluster you into taking rash decisions by making threats that they may have no means to put into action.

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.