WANA (Jul 08) – The hacker group “Handala” has claimed responsibility for a major breach of the systems and infrastructure of the Persian-language, anti-Iranian network “Iran International,” saying it has extracted a vast amount of confidential information, including correspondence, financial records, and personal data of the network’s staff.

 

In a statement, the group said that “all servers, accounts, and communication channels” of the outlet had come under its complete control, and that it has begun the gradual release of the leaked documents.

 

First Target of the Leak: Mojtaba Pourmohsen

The first batch of leaked materials focuses on Mojtaba Pourmohsen, a well-known journalist and media figure. The group accuses him of having worked as an intelligence asset for Mossad over the past four years, releasing portions of his personal data and iPhone messages while warning that this is only the beginning.

A portion of the data hacked and leaked by the Hanzala group from the anti-Iranian outlet Iran International / WANA News Agency

A portion of the data hacked and leaked by the Handala group from the anti-Iranian outlet Iran International / WANA News Agency

In the text addressed to Pourmohsen, the group wrote: “For four years you have worked as an intelligence agent for Mossad, but your expiration date has passed. Today we are publishing select information from your personal systems and iPhone so that you will never forget your betrayals.”

 

The hackers have also threatened to hold back much of the stolen data for a “suitable time,” adding:

 

“From now on, you’ll question every wall in your house… your friends, your ‘secret’ intelligence meetings… nothing will ever feel safe again.”

 

According to “Handala,” among the leaked documents is evidence of secret meetings between Pourmohsen and Mossad officers in London, including one in the spring of last year that the group claims was fully monitored and even recorded.

Handala also published a list of other Iran International staff and asked people to guess who is next? / WANA News Agency

Handala also published a list of other Iran International staff and asked people to guess who is next? / WANA News Agency

Allegations of Broad Intelligence Collaboration in Europe

The group also published a list of other Iran International staff or former collaborators, accusing them of repeated contacts with foreign intelligence services, especially in London, Paris, and Berlin.

 

The list includes names such as Ali-Asghar Ramazanpour, Mahmoud Enayat, Mojtaba Pourmohsen, Niusha Sarami, Morad Veisi, Mehdi Tajik, Amirhossein Ghazizadeh, Pouria Zeraati, and Farnoush Faraji.

 

Hacking of the “Secure Line” Channel and Identification of Over 71,000 People

Another part of the “Handala” operation involved hacking Iran International’s so-called “Secure Line” channel, which was used to receive information from sources and “informants.” The hackers claim they have taken full control of this channel, extracting and indexing all messages, files, images, and identity data sent through it.

 

According to this claim, the hackers now hold information on more than 71,000 people who have contacted the network over the past years, and say they will release parts of this data in stages.

Iran International: Acknowledging the Hack, Downplaying Its Scale

In an initial response, Iran International said the recent attack on its cyber infrastructure followed two earlier, separate attacks in the summer of 2024 and January 2025. It said the attackers gained access to internal data by compromising Telegram accounts.

 

The network also said the attackers have used different names, including “Benished Kitten” and “Exiled Kitten,” and may have infected staff devices with malware.

 

However, as of the time of this report’s publication, Iran International’s management has not issued any more detailed or comprehensive response to the newly leaked documents or the specific security allegations against its staff.

Telegram has blocked both the official channel of the “Hanzala” hacking group and its backup channel / WANA News Agency

Telegram has blocked both the official channel of the “Handala” hacking group and its backup channel / WANA News Agency

Telegram Removes Hacker Channels

At the same time, the messaging app Telegram has blocked both the official channel of the “Handala” hacking group and its backup channel to prevent wider dissemination of the leaked information.

 

“Handala”: The Meaning and Symbolic Message

The group’s name comes from the Arabic word “Handala,” which refers to a very bitter, poisonous fruit known as the “colocynth” or “bitter apple of the desert.” In Arabic culture, the term is a metaphor for extreme bitterness and harshness.

 

“Handala” is also the name of the iconic cartoon character created by the Palestinian cartoonist Naji al-Ali, representing resistance, poverty, and protest against oppression.

 

It appears that the group chose this name as a political and ideological statement to justify its actions, describing the operation as “a direct show of presence by the resistance in the heart of the enemy’s systems.”