U.S. service members test phone line connectivity at Whiteman Air Force Base in Missouri on Aug. 20, 2025. On Monday, service members stationed in the Middle East received threatening text messages from a group linked to Iranian cyberattacks. (Joseph Garcia/U.S. Air Force)
U.S. service members assigned to units in the Middle East received threatening messages on Monday from what appeared to be an Iranian-linked cyberattack group known as Handala Hack.
The messages, seen by Stars and Stripes, warned service members that they were under surveillance and threatened to target them with drones and missiles. Stripes reviewed identical WhatsApp messages sent to two service members stationed in Bahrain, which hosts U.S. Naval Forces Central Command.
“Your identities are fully known to our missile units, and every move you make is under our surveillance,” read the text. “Very soon, you will be targeted by our Shahed drones and Kheibar and Ghadeer missiles. We will deal with you, the terrorists whose hands are stained with the blood of the Minab schoolchildren. We suggest you call your families now and say your final goodbyes.”
The messages were signed “Handala,” with a link to the group’s website. They appeared to come from a Bahraini cellphone number linked to a legitimate business on the island.
U.S. Central Command referred Stars and Stripes to the Naval Criminal Investigative Service, which did not immediately respond to questions about how many people received the messages or whether they posed a legitimate threat to forces in the region. The group on Tuesday claimed to have published the full personal details of 2,379 U.S. Marines stationed in the Persian Gulf, according to its public Telegram channel.
Handala Hack is a well-known hacker group in the cybersecurity sphere and has been linked to previous attempts to infiltrate U.S. and Israeli organizations. The group was found to be behind a major cyberattack on medical technology company Stryker last month, and reportedly managed to hack into FBI Director Kash Patel’s personal email inbox.
Handala presents itself as a pro-Palestinian collective but for years has operated as a front group for Iran’s Ministry of Intelligence and Security, according to the Department of Justice. The department last month seized four web domains linked to Handala, which it said were used to publish personally identifiable information and harass targeted individuals in the U.S. and abroad.
The group is known for sending intimidating and threatening messages to Iranian adversaries. The Jerusalem Post reported Israelis across the country on Monday received similar messages that authorities believed were linked to the same organization.
The Navy earlier this month advised all sailors to lock down their phones and social media accounts amid increasing online threats from the war with Iran. The announcement, sent by then-Navy Secretary John Phelan, said adversary cyber actors were conducting a “social engineering campaign” actively targeting Navy personnel and their families via individual phishing attempts and social media accounts.
“These actors seek to psychologically influence [Navy] personnel and their families, and also seek to trick personnel into clicking on/opening potentially malicious links and files,” Phelan wrote.
Anyone receiving suspicious emails or text messages was advised to not respond and avoid clicking on any links or attachments. Suspicious messages should be reported to IT departments, the memo added.
Click Here For The Original Source.
