Simultaneously, the cyber domain has become a primary vector for Iranian strategic retaliation. State-aligned threat actors, notably the “Handala Hack” collective and “MuddyWater,” have executed destructive data-wiping attacks against commercial entities and critical infrastructure.
In a direct psychological operation dubbed “Operation Premature Death,” Handala Hack doxxed 400 United States Navy officers. Concurrently, other Iranian intelligence-linked actors exfiltrated and published highly sensitive personal data on over 2,300 American service members stationed in the Persian Gulf. This massive force protection failure included the public release of home addresses, family details, and daily activity logs.
Iranian cyber doctrine has clearly shifted from simple website disruption (DDoS attacks) toward advanced persistent threat (APT) behavior. Attackers are now utilizing “living-off-the-land” techniques—leveraging legitimate administrative tools already present within a network’s cloud environments and operational technology to bypass traditional, signature-based security detections. They have also deployed ransomware, such as the Brain Cipher variant which utilizes military-grade AES-256 encryption. However, these deployments are not for financial extortion, but for systemic data destruction.
Handala hacker group leaks names of 400 US Navy officers in what it calls ‘Operation Premature Death’
The cyber resistance group Handala announced the successful breach and exposure of 400 senior US Navy officers currently deployed in the Persian Gulf as part of “Operation Premature Death.” The group published a detailed list including ranks and operational units, claiming their “shadows” are monitoring every movement within the US fleet. Handala stated that a direct alert was sent to the secure phones of these officers, warning them that “the sea is no longer safe” for those choosing the path of aggression in West Asia. The statement emphasized a complete breakdown of US operational security, quoting, “This is proof that our eyes remain wide open and ever vigilant in the heart of your fleet.” Handala framed the leak as a final warning to the US and its regional allies, asserting that no base or alliance can shield them from retribution. The group concluded the message with a promise of “death and destruction,” declaring that the “executioner of justice and vengeance is closer than ever.”
Stryker devices wiped, the email of the FBI boss Kash Patel breached, and now, personal details of thousands of US Marines leaked. The Iranian hacking group Handala clearly doesn’t care about any ceasefire between the US and Iran, as fragile as the agreement is.
Last week, US Marines stationed around the Persian Gulf began receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes.
One of the messages, for instance, reads: “Your identities are fully known to our missile units, and every move you make is under our surveillance. Very soon, you will be targeted by our Shahed drones and Kheibar and Ghadeer missiles. We suggest you call your families now and say your final goodbyes.”
This flurry of threats came from Handala, the Iranian hacking group that calls them “rapid signal alerts.”
Firing of 130 CISA staff worries cybersecurity industry
Feb 21, 2025
‘It’s like you can see the iceberg and you decide to speed the Titanic up,’ said one cybersecurity professional.
The firing of upwards of 130 cybersecurity professionals at the US Cybersecurity and Infrastructure Security Agency (CISA) is a disaster for the US, but also for many of its allies that count on close collaboration, a security expert said Thursday.
David Shipley, CEO of Beauceron Security, said he “struggles to think of another government agency that has built so much credibility and goodwill and respect across the private sector as what CISA has done. [The dismissals] are wholly undeserved, foolhardy and it’s like you can see the iceberg and you decide to speed the Titanic up. That seems like a bad thing to me.”
He added that the cuts orchestrated by Elon Musk’s US Department of Government Efficiency (DOGE) “will raise questions of and put further strains on alliances. How much trusted information sharing will allies be willing to do with CISA going forward?”
Shipley said, “everything that I’ve heard from the national security and intelligence community has thus far been mostly that the trusted relationships at the staffing level endure despite the political noise. As a Canadian, I am seeing an unprecedented level of political noise, and leaning on that reassurance that ‘don’t worry, the people that keep the lights on still keep the lights on.’ [Now] I am watching those people lose their jobs.”
The Cybersecurity Information Sharing Act (CISA) of 2015 expired on September 30, 2025, which means the legal protections for sharing cybersecurity information between the private sector and the government are no longer in effect. This lapse creates uncertainty around cybersecurity information sharing practices. (Sources: mayerbrown.com, Wikipedia)
Retired, living in the Scottish Borders after living most of my life in cities in England. I can now indulge my interest in all aspects of living close to nature in a wild landscape. I live on what was once the Iapetus Ocean which took millions of years to travel from the Southern Hemisphere to here in the Northern Hemisphere. That set me thinking and questioning and seeking answers.
In 1998 I co-wrote Millennium Countdown (US) / A Business Guide to the Year 2000 (UK); see https://www.abebooks.co.uk/products/isbn/9780749427917