Un groupe de pirates informatiques iraniens profère des cybermenaces contre le vol de Netanyahu

Quel avertissement a lancé le groupe de pirates informatiques iraniens « Handala » ?

The Iranian hacker group known as Handala le groupe a publié une menace voilée contre le Premier ministre israélien Benjamin Netanyahu avant son vol prévu en Floride pour une rencontre avec le président américain Donald Trump. Dans un message publié sur X, le groupe a formulé son avertissement dans un langage métaphorique qui laissait entendre à la fois une cyberintrusion et un danger potentiel pour le vol, plutôt que de formuler une menace opérationnelle explicite.Actualités Nationales D'Israël)

Handala a écrit sur Twitter : « Alors que le vol BB s’élève au-dessus des nuages, des courants cryptés s’agitent discrètement entre les observateurs et les observés. » Le message laissait entendre que les systèmes de sécurité entourant le vol pourraient être sondés ou compromis, ajoutant que « ceux qui gardent le ciel pourraient découvrir que l’inattendu les accompagne et que toutes les vérités cachées ne restent pas à jamais enfouies. »

Que disait réellement le message de Handala ?

Le message publié sur X par le groupe utilisait un langage poétique pour suggérer une surveillance et un possible accès à des données sensibles liées aux déplacements de Netanyahu. Il évoquait des « niveaux de protection » se renforçant au fur et à mesure du voyage, mais laissait entendre que « les secrets s'envolent aussi, laissant des traces que seuls les plus attentifs peuvent déceler », sous-entendant une possible divulgation d'informations classifiées ou de détails relatifs au vol.

Handala added a pointed line directed personally at Netanyahu: “And Bibi, it seems you’re carrying some rather interesting souvenirs with you this time.” The post ended with the ominous phrase “Tik Tok…Tik Tok,” clearly intended to signal a countdown or looming risk without specifying what form that risk might take. Analysts noted the “Flight BB Gate” wordplay folded together “Bibi,” Netanyahu’s nickname, with “gate,” the suffix long attached to political scandals.

What happened after the flight threat?

Within a day, the warning escalated into a far more concrete claim. On December 28, 2025, Handala announced an operation it branded “Bibi Gate,” asserting it had hacked the iPhone of Tzachi Braverman, Netanyahu’s chief of staff and cabinet secretary. The group threatened to publish what it described as encrypted chats, financial records, and “every secret” tied to Netanyahu’s inner circle, and began releasing files it claimed included phone numbers belonging to senior officials and even the premier’s wife, Sara Netanyahu. (L'Alliance AEGIS)

Israel’s Prime Minister’s Office pushed back, saying, “No breach has been found. The issue is being investigated.” Days later, an Israeli source reiterated that there were no indications Braverman’s phone had been compromised, while the inquiry continued. The timing was politically charged: the claim landed amid the “Qatargate” affair swirling around Netanyahu’s office, and Braverman had been slated to become Israel’s ambassador to Britain.

Qui est Handala et quel est son palmarès ?

Handala est décrit comme un groupe de pirates informatiques iraniens ayant déjà revendiqué des cyberattaques visant des personnes et des institutions israéliennes. Ce même groupe est impliqué dans des incidents tels que des intrusions présumées dans les systèmes informatiques de la voiture d'un scientifique nucléaire israélien et le piratage présumé du téléphone de l'ancien Premier ministre Naftali Bennett.

Past claims associated with Handala also include leaking personal details of Mossad officials and threatening Israeli defense employees, indicating an ongoing focus on intelligence, psychological pressure, and reputational damage rather than only technical disruption. These operations aim to create a sense of vulnerability among senior security and political figures in Israel. The group takes its name from Handala, the barefoot refugee boy drawn in 1969 by Palestinian cartoonist Naji al-Ali, a long-standing symbol of Palestinian dispossession and resistance.

Western researchers and analysts widely assess Handala as a front for Iran’s Ministry of Intelligence (MOIS), operating alongside related personas within a cyber unit tracked as “Banished Kitten.” Notably, some of the group’s biggest claims have proven inflated on inspection. Independent analysis of the Bennett operation found the breach was limited to his Telegram account rather than the phone itself, and Bennett confirmed as much – a pattern that several cybersecurity experts say reflects a “loud” actor of low-to-medium technical sophistication whose real weapon is perception.

Quel est le lien avec le voyage prévu de Netanyahu aux États-Unis ?

The threat emerged just before a planned Netanyahu trip to Florida to meet US President Donald Trump, in a visit that Jerusalem officials indicated would occur on December 29. According to the Prime Minister’s Office, Trump had recently invited Netanyahu to meet, though the White House itself had not yet issued a formal announcement at the time of the report.

NBC News reported that Netanyahu intended to present Trump with options for new strikes on Iran during the visit. That detail is central to understanding the confrontation: it came only months after Israel launched its surprise military campaign against Iran in June 2025 – joined by US strikes on Iranian nuclear sites that were under International Atomic Energy Agency safeguards – and as Netanyahu was reportedly seeking to renew the offensive. An Iran-linked group warning the prime minister mid-flight, then, reads less as random provocation than as a response to an Israeli leader actively pressing Washington to escalate the war.

Quel message plus large cette cybermenace envoie-t-elle ?

By choosing a cryptic style and directly addressing “Flight BB Gate,” Handala’s message aims at psychological impact, suggesting that security around Netanyahu’s travel may be more porous than it appears. The focus on “encrypted currents” and “hidden truth” stresses the idea that sensitive data, and perhaps flight-related systems, might be monitored or compromised by hostile actors. Cybersecurity specialists who later examined the “Bibi Gate” posts characterized them as “psychological dominance messaging” engineered to induce anxiety inside Netanyahu’s circle, rather than verifiable technical disruption.

The combination of previous claimed hacks and this latest ominous post operates as a form of strategic signaling toward both Israeli officials and the broader public. It underscores how cyber activity, public threats, and high-profile diplomatic travel intersect in the ongoing confrontation between Iran-linked cyber groups and an Israeli political and security leadership that, through its strikes on Iran and its conduct in Gaza, has made itself the focal point of regional retaliation. (L'Alliance AEGIS)