A new front in cyber warfare: How Hanzala challenged Israel’s digital security
The hacking group known as Hanzala claims it delivered a bouquet of flowers—signed under the name “Hanzala Popular Resistance”—to Itzhak Gertz, a nuclear specialist of the Israeli regime, placing it inside his car.
Hanzala announced that this act was intended as a symbolic message following what it describes as a major cyber and physical infiltration operation.
In a message addressed to Itzhak Gertz—whom the group refers to as a senior nuclear architect of the Israeli regime—Hanzala states it has gained full access to his personal information, academic records, residential address, and workplace at the Soreq and Seraf nuclear facilities.
Hanzala also claimed responsibility for breaching the Soreq Nuclear Research Center, saying it had obtained data apparently linked to Gertz and has now published the material online.
In addition, the group released what it described as a new list of “wanted” Israeli individuals, reiterating its offer of 10,000 dollars for what it called credible information on the whereabouts of those listed.
The statement also referenced Unit 8200, the elite signals intelligence and cyber unit of the Israeli military. Operating under the Military Intelligence Directorate (Aman), Unit 8200 is widely regarded as the largest unit in the Israeli army and plays a central role in signals intelligence collection, data analysis, and electronic warfare.
Its responsibilities include intercepting and decrypting communications, developing espionage and intelligence tools, and conducting electronic warfare operations.
This release builds on previous actions by Hanzala, including exposing Israeli nuclear and military sites, revealing personal information of senior military scientists, and claiming infiltration of radar systems and the Iron Dome—indicating an escalation in the group’s campaign of disclosures targeting the Israeli intelligence-military apparatus.
Unit 8200 has come under heavy criticism for its extensive surveillance of Palestinians, including intercepting and storing millions of private communications for the purposes of control and coercion.
These incidents represent the latest leaks of sensitive and classified data emerging from Israeli institutions.
In recent years, the Israeli regime has faced a rising trend of cyberattacks and widespread data breaches.
Four years after a cyberattack that crippled Hillel Yaffe Hospital, vulnerabilities in Israel’s healthcare system remain evident.
Since the outbreak of the war in October 2023, Israel’s digital domain has become a frontline battleground. By year’s end, Israeli officials recorded 3,380 cyberattacks—an increase of 150% compared to previous years.
According to the Hebrew-language newspaper Yedioth Ahronoth, more than 800 of these cyberattacks had “significant damage potential.”
Microsoft’s 2025 Digital Defense Report places Israel as the third most-targeted country for cyberattacks worldwide, after the United States and the United Kingdom.
It is also the primary target in the Middle East and Africa, absorbing more than 20% of attacks in the region.
The techniques used are familiar but highly effective: exploiting unpatched vulnerabilities, using leaked or stolen credentials, and launching basic phishing schemes that enable direct access to internal networks.
Despite the prominent role of state-linked actors, financial gain still drives most activity. Data theft accounts for 80% of attacks, and more than half involve ransomware.
The exploited weaknesses are often frustratingly basic: weak or reused passwords, delayed software updates, and outdated systems.
Artificial intelligence is amplifying the threat; AI tools now enable inexperienced attackers to rapidly scale their capabilities