Handala hacktivists reveal how they penetrated Israeli 'think tank' classified data

Handala, the pro-resistance hacker group, has laid out, in rare detail, how it conducted a multi-year breach of the network security of Israel’s so-called Institute for National Security Studies (INSS), gaining long-term access to its classified information.

In a statement released Tuesday, the group said it had, for years, maintained full access to the notorious think tank’s restricted files.

According to Handala, the most significant breakthrough occurred on April 22, 2025, when “the doors of INSS became wide open,” and two hooded operatives walked into floor -2, the level where the institute stores its most sensitive material.

“This was not a one-time operation, but the result of years of planning which gave access to the most vital information in INSS,” the group stated.

“Does this prove Handala’s multi-year penetration of your security? Are your so-called secret meetings really secret? How do you justify and cover up our access to the movements of high-ranking Mossad and Shin Bet authorities?” Handala said.

A key revelation in Handala’s announcement concerns how the group recorded the institute’s closed-door meetings. For years, INSS reportedly held its top-secret sessions over Zoom, a platform the group claims it infiltrated with ease.

“We advise you to change your CCTV cameras to the same brand that Shin Bet uses,” Handala mocked.

During the US–Israeli aggression against Iran, Handala released emails from the accounts of six senior INSS figures: Raz Zimmt; Tamir Hayman; Sima Shine, a senior researcher and former head of the Mossad's research division; Laura Gilinsky, deputy director for strategic partnerships; Deborah Oppenheimer, former head of foreign affairs; and Dr Ilan Steiner, chief finance and operations officer.

Handala branded the institute “the research and analytical arm of the Mossad,” claiming access to more than 400,000 classified files, including passwords for the institute’s security cameras, Wi-Fi network, and the Zoom account used for high-level discussions.

In September 2025, Ilan Steiner received a Google alert about suspicious activity in his private Gmail account. The notification had been forwarded to his INSS email, which Handala later leaked.

By 2024, the cyber threat had spilled into the physical world. On October 31, a message circulated on a staff WhatsApp group, quoting a statement from Shin Bet: a couple from Lod had been charged with carrying out tasks for Iranian intelligence over three years, including photographing sensitive sites such as the Mossad headquarters.

Days earlier, the institute’s deputy director had warned staff that Shin Bet had informed him that one of their colleagues was under active surveillance.

What alarmed the team chat most was that the surveillance reportedly targeted an INSS employee who was on an assassination list. The man tracking her had monitored her car and scouted her home over several days. According to the security service, the handler had instructed the couple to identify a potential assassin.

Internal correspondence leaked by Handala filled in the details that the agency did not disclose, identifying the staff member explicitly.
“Everyone is calling me. They think it is me,” wrote Sima Shine in a team chat. Another colleague quickly clarified that the actual target was herself.

The leaks show that the alerts did not subside. A year ago, cybersecurity firm Volexity notified the institute that a “state actor” had breached a researcher’s email account and was using it to phish targets at research institutions in the United States.

In response, the institute’s cybersecurity officer disconnected every device associated with the compromised account.

Press TV’s website can also be accessed at the following alternate addresses:

www.presstv.ir