Handala Hackers Claim Breach of Former IDF Chief Herzi Halevi’s Private Devices and Family Life

Iran-linked Handala group claims to have breached former IDF Chief Herzi Halevi’s devices, leaking 19,000 files including private family photos and ID cards.

By: AXL Media

Published: Apr 9, 2026, 4:38 AM EDT

Source: Information for this report was sourced from Times of Israel and U.S. Department of Justice

A Targeted Breach of Israel’s Former Military Leadership

The hacking group Handala, which Western intelligence agencies have officially linked to Iran’s Ministry of Intelligence and Security (MOIS), announced a major data exfiltration targeting former IDF Chief of Staff Herzi Halevi. On its leak site, the group claimed to have seized more than 19,000 confidential images and videos. The published material includes footage of Halevi in high-level military settings, such as crisis rooms and command centers, along with detailed maps of sensitive facilities. This breach represents one of the most significant personal compromises of a senior Israeli defense official to date, aiming to demonstrate deep penetration into the private lives of the nation’s security elite.

Exposure of Private Family Life and Personal Identity

Beyond military intelligence, Handala released highly personal content, including images of Halevi’s family life and workouts in his private office. The group also published the government-issued identification cards of both Halevi and his wife, a tactic intended to increase the perceived threat to the former general’s personal safety. According to cybersecurity analysts at Reichman University, this "hack-and-leak" operation follows a established pattern where Iranian state-sponsored actors use personal vulnerabilities to conduct psychological operations. By exposing domestic details, the group seeks to undermine the confidence of current and former Israeli officials in their own digital security.

The Strategic Evolution of the Handala Persona

Handala has significantly ramped up its activity following the commencement of "Operation Epic Fury," the U.S.-Israeli joint strikes on Iran on February 28, 2026. While the group portrays itself as an independent pro-Palestinian hacktivist collective, the U.S. Justice Department confirmed in March 2026 that it is a front for the Iranian threat actor Void Manticore. The group’s tactics have evolved from simple website defacements to destructive wiper attacks, such as the March 2026 strike on the U.S. medtech firm Stryker. This latest operation against Halevi indicates that even after several of its primary domains were seized by the FBI, the group has successfully rebuilt its infrastructure to continue high-profile doxxing.