Israelis all over the country received threatening text messages via WhatsApp on Monday. The messages, written in English, were sent from business accounts that appear legitimate, such as those of a cake shop or other businesses, but the accounts had either been taken over by hackers or created as fakes.
The National Cyber Directorate has been briefed on the details and is examining the source of the messages, as the pattern of activity aligns with that of the Iranian hacker group Handala, which typically combines cyberattacks with psychological warfare targeting citizens to undermine their sense of personal security.
The message sent to many citizens was written in English and included direct political and military references. It read, "Netanyahu, leader of the Epstein cult, is trying to maintain his position of authority by committing another act of reckless foolishness. This is a warning to you, the Jewish residents of the occupied territories: Prepare for a barrage of Sayid Majid missiles if you do not put an end to this foolishness. You will soon be spending weeks in your shelters, so stock up now. Hack Handala."
Handala group
The Handala group is well known to the cybersecurity community in Israel and worldwide. Although it presents itself as an independent resistance group, many security experts believe it operates under the protection of Iranian intelligence agencies.
In the past, the group has taken responsibility for breaches of government offices, infrastructure companies, and even sensitive research institutes, or, as in this case, for contacting the public directly.
Using WhatsApp lets the hackers bypass the spam filters that telecommunications companies use to detect malicious SMS messages, so the message reaches the user's lock screen directly.
What to do when receiving a message
If such a message is received, the number it was sent from should be blocked immediately and reported in the WhatsApp app as spam or abusive content. It is recommended to report the message to the National Cyber Directorate via the 24/7 helpline at 119.
These reports help the Directorate build a broader picture of the attack, identify new operational patterns, and issue updated alerts to the public. The Cyber Directorate is also working with Meta, WhatsApp's parent company, to block the infrastructure hackers use to distribute these messages.
In addition to blocking and reporting, all users are advised to ensure that two-step verification is enabled on their WhatsApp accounts. This provides an extra layer of security by requiring a personal code each time the account is set up on a new device, which prevents hackers from taking control of the account remotely.