[threat-actors] Add Handala

clusters/threat-actor.json

@@ -16872,6 +16872,19 @@
       },
       "uuid": "7d067b1a-89df-46ff-a2fc-d688da721236",
       "value": "AzzaSec"
+    },
+    {
+      "description": "Handala is a pro-Palestinian hacktivist group that targets Israeli organizations, employing tactics such as phishing, data theft, extortion, and destructive attacks using custom wiper malware. The group utilizes a multi-stage loading process, including a Delphi-coded second-stage loader and an AutoIT injector, to deliver wiper malware that specifically targets Windows and Linux environments. Their phishing campaigns often exploit major events and critical vulnerabilities, masquerading as legitimate organizations to gain initial access. Handala operates a data leak site to publicize stolen data, although claims of successful attacks are sometimes disputed by targeted organizations.",
+      "meta": {
+        "country": "PS",
+        "refs": [
+          "https://www.splunk.com/en_us/blog/security/handalas-wiper-threat-analysis-and-detections.html",
+          "https://www.trellix.com/blogs/research/handalas-wiper-targets-israel/",
+          "https://intezer.com/blog/research/stealth-wiper-israeli-infrastructure/"
+        ]
+      },
+      "uuid": "7b14f285-86e9-47da-be1a-16ce566c428b",
+      "value": "Handala"
     }
   ],
   "version": 315