An Iran-linked hacking group has claimed to have leaked a large collection of emails belonging to a former senior Israeli intelligence official, while continuing to publish statements about a recent cyberattack targeting a US company.
The group, known as Handala, said it released more than 100,000 personal emails linked to Sima Shine, a former head of research at Israel’s Mossad intelligence agency. The claim was published on the group’s leak site along with sample files and download links intended to support the allegation.
According to the post, the dataset includes personal correspondence tied to the former official. The full contents of the material have not been independently verified. Researchers said the forum hosting the data was later taken offline, limiting access to the files and preventing a full review of the alleged leak.
The claim forms part of a broader campaign attributed to Handala, which has been linked by cybersecurity researchers to Iran-aligned threat activity. The group is known for combining data leaks with disruptive cyber operations and public messaging on social platforms.
The announcement was made shortly after the group claimed responsibility for a cyberattack against Stryker, a US-based medical technology company. In that case, Handala said it carried out a destructive attack affecting internal systems.
Stryker confirmed that it experienced a cyber incident involving disruption to its Microsoft-based environment, but said it had no indication of ransomware or malware. The company stated that the issue had been contained and that it was continuing to investigate the scope and impact of the incident.
Handala has also made additional claims about the Stryker attack, including statements that large amounts of data were wiped or extracted. These claims have not been independently confirmed. Reports from employees and external sources indicated that some devices connected to the company’s systems were affected during the incident.
Security analysts have previously linked Handala to a wider network of Iran aligned cyber operations that combine espionage, data theft, and disruptive activity. The group has been associated with campaigns targeting organizations in Israel and other regions, often publishing data leaks alongside operational claims.
Authorities have not confirmed the authenticity of the alleged email leak or whether any sensitive information was exposed. Investigations into both the reported data release and the Stryker incident are ongoing.