Ransomware victim disclosure
← All victimsHebrew University of Jerusalem
Claimed by Handala · listed 3 months ago
Status timeline
- Listed
Mar 13, 2026
- Data leaked
At a glance
About the victim
AI dossier — public-source company profileThe Hebrew University of Jerusalem (HUJI) is Israel's premier public research university, founded in 1918 and located on Mount Scopus in Jerusalem. It offers a broad range of undergraduate, graduate, and doctoral programs across humanities, sciences, medicine, law, and social sciences. The university is internationally recognized as a leading research institution and hosts numerous national and international research centers.
- Industry
- Higher Education & Research
- Address
- Mount Scopus, Jerusalem, Israel
- Employees
- 5001-10000
- Founded
- 1918
Attack summary
Severity: high — The claim targets a major research university's entire server infrastructure, with implied exfiltration of potentially sensitive academic, research, and personal data at significant scale; however, the post is truncated and no explicit proof count or confirmed data volume is provided, preventing a critical rating.Handala claims to have conducted an extensive and coordinated cyber operation against all servers of the Hebrew University of Jerusalem, describing it as the most significant cyber operation against the institution in recent years; the truncated post implies exfiltration and/or disruption of university systems and data.
Data the group says was taken
AI dossier — extracted from the leak post- University server data
- Research data
- Academic records
- Staff and student personal information
What the group claims
On Quds Day, a new chapter was written in the realm of cyber warfare. Handala Hack successfully targeted the Hebrew University of Jerusalem (huji.ac.il), one of the scientific and research symbols of the Zionist regime, in the most extensive cyber operation in recent years. In this sophisticated and coordinated operation, all servers of the Hebrew…
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.