Iranian hacker group issues cyber threats against Netanyahu’s flight
What warning did the Iranian hacker group “Handala” issue?
The Iranian hacker group known as Handala published a veiled threat against Israeli Prime Minister Benjamin Netanyahu ahead of his planned flight to Florida for a meeting with US President Donald Trump. In a post on X, the group framed its warning in metaphorical language that hinted at both cyber intrusion and potential danger to the flight, rather than stating an explicit operational threat. (Israel National News)
Handala wrote on X/Twitter, saying: “As ‘Flight BB Gate’ rises above the clouds, encrypted currents stir quietly among the watchers and the watched.” The message suggested that security systems around the flight might be probed or compromised, adding that “those who guard the skies may find that the unexpected travels with them, and not every hidden truth remains grounded.”
What did Handala’s message actually say?
The group’s X post used poetic phrasing to suggest surveillance and possible access to sensitive data linked with Netanyahu’s travel. It referred to “layers of protection” tightening as the journey unfolds, but hinted that “secrets take flight too – leaving trails only the most attentive can see,” implying potential exposure of classified information or flight-related details.
Handala added a pointed line directed personally at Netanyahu: “And Bibi, it seems you’re carrying some rather interesting souvenirs with you this time.” The post ended with the ominous phrase “Tik Tok…Tik Tok,” clearly intended to signal a countdown or looming risk without specifying what form that risk might take. Analysts noted the “Flight BB Gate” wordplay folded together “Bibi,” Netanyahu’s nickname, with “gate,” the suffix long attached to political scandals.
What happened after the flight threat?
Within a day, the warning escalated into a far more concrete claim. On December 28, 2025, Handala announced an operation it branded “Bibi Gate,” asserting it had hacked the iPhone of Tzachi Braverman, Netanyahu’s chief of staff and cabinet secretary. The group threatened to publish what it described as encrypted chats, financial records, and “every secret” tied to Netanyahu’s inner circle, and began releasing files it claimed included phone numbers belonging to senior officials and even the premier’s wife, Sara Netanyahu. (The AEGIS Alliance)
Israel’s Prime Minister’s Office pushed back, saying, “No breach has been found. The issue is being investigated.” Days later, an Israeli source reiterated that there were no indications Braverman’s phone had been compromised, while the inquiry continued. The timing was politically charged: the claim landed amid the “Qatargate” affair swirling around Netanyahu’s office, and Braverman had been slated to become Israel’s ambassador to Britain.
Who is Handala and what is their record?
Handala is described as an Iranian hacker group that has previously claimed responsibility for cyber operations targeting Israeli individuals and institutions. The same group has been linked to incidents such as alleged intrusions into the car systems of an Israeli nuclear scientist and a claimed hack of former Prime Minister Naftali Bennett’s phone.
Past claims associated with Handala also include leaking personal details of Mossad officials and threatening Israeli defense employees, indicating an ongoing focus on intelligence, psychological pressure, and reputational damage rather than only technical disruption. These operations aim to create a sense of vulnerability among senior security and political figures in Israel. The group takes its name from Handala, the barefoot refugee boy drawn in 1969 by Palestinian cartoonist Naji al-Ali, a long-standing symbol of Palestinian dispossession and resistance.
Western researchers and analysts widely assess Handala as a front for Iran’s Ministry of Intelligence (MOIS), operating alongside related personas within a cyber unit tracked as “Banished Kitten.” Notably, some of the group’s biggest claims have proven inflated on inspection. Independent analysis of the Bennett operation found the breach was limited to his Telegram account rather than the phone itself, and Bennett confirmed as much – a pattern that several cybersecurity experts say reflects a “loud” actor of low-to-medium technical sophistication whose real weapon is perception.
How is Netanyahu’s planned trip to the US involved?
The threat emerged just before a planned Netanyahu trip to Florida to meet US President Donald Trump, in a visit that Jerusalem officials indicated would occur on December 29. According to the Prime Minister’s Office, Trump had recently invited Netanyahu to meet, though the White House itself had not yet issued a formal announcement at the time of the report.
NBC News reported that Netanyahu intended to present Trump with options for new strikes on Iran during the visit. That detail is central to understanding the confrontation: it came only months after Israel launched its surprise military campaign against Iran in June 2025 – joined by US strikes on Iranian nuclear sites that were under International Atomic Energy Agency safeguards – and as Netanyahu was reportedly seeking to renew the offensive. An Iran-linked group warning the prime minister mid-flight, then, reads less as random provocation than as a response to an Israeli leader actively pressing Washington to escalate the war.
What broader message does this cyber threat send?
By choosing a cryptic style and directly addressing “Flight BB Gate,” Handala’s message aims at psychological impact, suggesting that security around Netanyahu’s travel may be more porous than it appears. The focus on “encrypted currents” and “hidden truth” stresses the idea that sensitive data, and perhaps flight-related systems, might be monitored or compromised by hostile actors. Cybersecurity specialists who later examined the “Bibi Gate” posts characterized them as “psychological dominance messaging” engineered to induce anxiety inside Netanyahu’s circle, rather than verifiable technical disruption.
The combination of previous claimed hacks and this latest ominous post operates as a form of strategic signaling toward both Israeli officials and the broader public. It underscores how cyber activity, public threats, and high-profile diplomatic travel intersect in the ongoing confrontation between Iran-linked cyber groups and an Israeli political and security leadership that, through its strikes on Iran and its conduct in Gaza, has made itself the focal point of regional retaliation. (The AEGIS Alliance)
