Iran-Linked Hackers Threaten U.S. Forces in Bahrain with Drones and Missiles

Key facts

• Handala Hack sent threatening WhatsApp messages to U.S. service members in Bahrain on Monday.
• Messages warned of surveillance and threatened drone and missile attacks, referencing Shahed drones and Kheibar and Ghadeer missiles.
• The group claimed to have published personal details of 2,379 U.S. Marines stationed in the Persian Gulf.
• Handala Hack is linked to Iran's Ministry of Intelligence and Security, according to the U.S. Department of Justice.
• The group previously hacked medical technology company Stryker and FBI Director Kash Patel's personal email.
• The U.S. Navy advised sailors to lock down phones and social media amid increasing online threats from the war with Iran.
• Similar threatening messages were received by Israelis across the country on the same day.

Threatening Messages Target U.S. Personnel in Bahrain

U.S. service members stationed in the Middle East received menacing text messages on Monday from a group linked to Iranian cyberattacks, warning that they were under surveillance and would be targeted with drones and missiles. The messages, sent via WhatsApp to two service members in Bahrain, which hosts U.S. Naval Forces Central Command, were signed by the group Handala Hack and included a link to its website. The messages read: “Your identities are fully known to our missile units, and every move you make is under our surveillance. Very soon, you will be targeted by our Shahed drones and Kheibar and Ghadeer missiles. We will deal with you, the terrorists whose hands are stained with the blood of the Minab schoolchildren. We suggest you call your families now and say your final goodbyes.” The texts appeared to originate from a Bahraini cellphone number linked to a legitimate business on the island.

Handala Hack Claims to Leak Data of Thousands of Marines

On Tuesday, the group claimed via its public Telegram channel to have published the full personal details of 2,379 U.S. Marines stationed in the Persian Gulf. U.S. Central Command referred inquiries to the Naval Criminal Investigative Service, which did not immediately respond to questions about the number of recipients or the credibility of the threats. The Navy earlier this month had advised all sailors to lock down their phones and social media accounts amid increasing online threats linked to the war with Iran. Then-Navy Secretary John Phelan warned that adversary cyber actors were conducting a “social engineering campaign” actively targeting Navy personnel and their families through phishing attempts and social media.

Handala Hack: A Front for Iran's Intelligence Ministry

Handala Hack is a well-known hacker group in the cybersecurity sphere, presenting itself as a pro-Palestinian collective but operating as a front group for Iran’s Ministry of Intelligence and Security, according to the U.S. Department of Justice. The department last month seized four web domains linked to Handala, which it said were used to publish personally identifiable information and harass targeted individuals in the U.S. and abroad. The group has been linked to previous attempts to infiltrate U.S. and Israeli organizations. It was behind a major cyberattack on medical technology company Stryker last month and reportedly managed to hack into FBI Director Kash Patel’s personal email inbox.

Similar Threats Hit Israelis on Same Day

Israelis across the country received similar threatening messages on Monday, which authorities believed were linked to the same organization. The coordinated timing suggests a broader campaign aimed at intimidating adversaries of Iran. The messages to U.S. service members referenced the “blood of the Minab schoolchildren,” a reference to a tragic incident in Iran that has been used by the group to justify its actions. The group is known for sending intimidating and threatening messages to Iranian adversaries.

Navy Issues Security Advisory Amid Rising Cyber Threats

In response to the escalating online threats, the Navy advised personnel to not respond to suspicious emails or text messages and to avoid clicking on any links or attachments. to IT departments, according to a memo from then-Navy Secretary John Phelan. The advisory came as three U.S. aircraft carriers are deployed in the Middle East for the first time in decades, and troops are set to receive danger pay in Iran conflict zones, including Diego Garcia. The heightened military presence underscores the tensions between the U.S. and Iran.

The bottom line

• Handala Hack, linked to Iran's intelligence ministry, sent direct threats to U.S. service members in Bahrain.
• The group claims to have leaked personal data of 2,379 Marines, raising concerns about operational security.
• The U.S. Navy had already warned of a social engineering campaign targeting personnel before the messages.
• Similar threats were sent to Israelis, indicating a coordinated psychological operation.
• The incident occurs amid heightened U.S. military presence in the Middle East with three aircraft carriers deployed.
• Authorities have not confirmed the credibility of the threats or the extent of the data breach.