Ransomware victim disclosure
← All victimsShin Bet (Israel Security Agency) – Iran Desk
listed as Behind the Curtain: Full Details of Shin Bet’s Iran Desk Officers Released · Claimed by Handala · listed 3 months ago
Status timeline
- Listed
Mar 25, 2026
- Data leaked
At a glance
About the victim
AI dossier — public-source company profileThe Shin Bet (Shabak), formally the Israel Security Agency, is Israel's internal security and counter-intelligence service. Its Iran Desk is a dedicated operational unit responsible for monitoring and countering Iranian intelligence activities and threats. The organisation operates under direct oversight of the Israeli Prime Minister.
- Industry
- National Intelligence & Internal Security
- Founded
- 1948
Attack summary
Severity: critical — The claimed exposure of the identities of active intelligence officers from a national security agency constitutes a critical disclosure: it endangers personal safety, risks ongoing operations, and represents the most sensitive category of government/national-security PII imaginable.The group Handala claims to have exfiltrated the personal details and identifying information of approximately 50 senior officers assigned to Shin Bet's Iran Desk, publishing their names and associated data publicly.
Data the group says was taken
AI dossier — extracted from the leak post- Names of ~50 senior Shin Bet Iran Desk officers
- Officer identification/personnel numbers
- Potentially personal contact or operational details
What the group claims
In the silence of the night, the communication lines of the Zionist regime are no longer calm. You don’t hear the sound of our footsteps, but you feel our presence; just as now, the names of 50 senior officers from your Iran desk are on our list: numbers that are no longer just for work…
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.