Ransomware victim disclosure
← All victimsThe Slightest Aggression: Enemy Infrastructure Reduced to Ashes
Claimed by Handala · listed 3 months ago
Status timeline
- Listed
Mar 25, 2026
- Data leaked
At a glance
About the victim
AI dossier — public-source company profileThe target referenced in this post does not appear to be a conventional company. Handala claims to have collected precise coordinates and information on key water and electricity infrastructure located in Israeli-controlled ('occupied') territories. The post is framed as a deterrence message rather than a commercial ransomware disclosure.
- Industry
- Critical Infrastructure (Water & Electricity)
Attack summary
Severity: critical — The claimed exfiltration of precise geospatial coordinates and operational details of national critical infrastructure (water and power) in a conflict zone constitutes a critical severity event, with direct implications for national security and potential for physical harm.Handala claims to have exfiltrated geospatial intelligence and detailed information on critical water and electricity infrastructure in Israel, asserting this data is stored in Iran's 'target bank' for potential retaliatory use. No ransom demand is made; the disclosure is framed as a cyber-deterrence and information-operations action.
Data the group says was taken
AI dossier — extracted from the leak post- Coordinates of water infrastructure
- Coordinates of electricity/power infrastructure
- Key facility location data
- Critical infrastructure targeting intelligence
What the group claims
Know and be aware: If Iran’s power plants are targeted, the response will not only be at the same level but far beyond. As observed today, all information and precise coordinates of key water and electricity infrastructure in the occupied territories are fully stored in Iran’s target bank. The slightest aggression against Iran’s vital facilities…
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.