Around September 27-28, 2025, the Iran-linked hacktivist group “Handala Hack Team” claimed a data breach against Israeli satellite operator AMOS-Spacecom . Cybersecurity researcher Joe Shenouda confirmed the group released a downloadable list of AMOS-Spacecom employees.

Handala used psychological warfare in its announcement, taunting AMOS-Spacecom and encouraging the public to contact employees directly using the leaked list. This tactic aimed to undermine the company and involve staff in the incident’s fallout. Along with the confirmed employee data leak, Handala made a more severe, uncorroborated claim of stealing sensitive military and government data. This strategy uses the confirmed leak as proof to lend credibility to the larger, more alarming claim, putting Israeli authorities in a difficult position.

This is more than a standard data breach because AMOS-Spacecom is a critical part of Israel’s national infrastructure, serving both commercial and military clients. The attack targets a strategic national asset, impacting corporate security, employee safety, and national defense.

Founded in 1993 and headquartered in Israel, AMOS-Spacecom is a publicly traded global satellite operator with revenues of around $100 million in 2024. A majority stake in the company was acquired by the Hungarian firm 4iG Plc. in 2021. AMOS-Spacecom’s strategic value comes from its AMOS satellite constellation, which provides vital communication coverage across the Middle East, Europe, Africa, and Asia. The active fleet includes key satellites like AMOS-3, AMOS-7, AMOS-4, and AMOS-17, each serving specific regions with advanced capabilities.

The company’s history includes significant, costly satellite failures, which has historically focused the space industry’s culture on physical hardware resilience over cybersecurity. This emphasis may have made AMOS-Spacecom a physically tough but digitally vulnerable target for cyberattacks.

AMOS-Spacecom’s AMOS satellites are integral to the critical infrastructure of many nations, providing essential services like DTH broadcasting, satellite internet, and corporate data networks. AMOS-Spacecom is a strategic national security asset because its AMOS satellites provide secure communication services to the Israeli military for command, control, and intelligence operations. This dual civilian-military role makes it a high-value target, and any breach is a matter of national security.

The Handala Hack Team appeared in December 2023 as a pro-Palestinian hacktivist group targeting Israeli interests. Its name and logo are based on an iconic Palestinian cartoon character, symbolizing defiance and aligning its cyber operations with the Palestinian cause.

Evidence from intelligence agencies suggests Handala is not an independent group but is linked to Iranian state-sponsored cyber units, such as those under the Ministry of Intelligence and Security. This reframes their actions as part of a state-directed hybrid warfare campaign using hacktivism as a cover. Handala has quickly evolved from simple hacktivist tactics like DDoS attacks to the sophisticated methods of an Advanced Persistent Threat (APT) actor. Their diverse techniques show they are a capable and determined adversary.

The group’s tactics include sophisticated phishing for initial access, using destructive wiper malware, and engaging in “hack-and-leak” data theft for extortion. They also conduct robust psychological operations to amplify fear and uncertainty.

The AMOS-Spacecom attack is part of a larger, escalating campaign by Handala against Israel’s most critical sectors. Their history of targets reveals a clear pattern and strategic focus on national security, technology, and political infrastructure. Handala’s attack history shows a pattern of targeting high-value Israeli entities, including the Soreq Nuclear Research Center in September 2024, the Shin Bet internal security agency in October 2024, and tech firm Silicom, linked to military intelligence, in November 2024. The group has also targeted former government ministers, military contractors, the national police, and major tech companies, demonstrating a consistent focus on Israel’s core security and technological infrastructure.

This history proves Handala is a capable and persistent threat actor that has compromised some of Israel’s most important organizations. The AMOS-Spacecom attack logically extends their campaign to Israel’s critical space assets.

The AMOS-Spacecom data breach creates cascading risks for employees, the corporation, and national security. The impact includes both the immediate threat from weaponized employee data and the long-term strategic vulnerabilities from the intrusion. The leak of the AMOS-Spacecom employee list is a severe security failure, as this information is a strategic asset for a state-sponsored attacker. This PII can be used to exploit human vulnerabilities, shifting the attack focus from technology to people.

Immediate risks to employees from the leaked data include highly targeted spear-phishing, blackmail or coercion to create insider threats, and identity theft. There are also potential physical security risks for key personnel.

The breach creates significant vulnerabilities for AMOS-Spacecom and Israeli national security, and the leaked employee data should be seen as a reconnaissance phase for a larger operation. The employee list provides a blueprint for deeper network intrusion and erodes client trust in AMOS-Spacecom’s security. The most severe risk is that this breach could enable a future catastrophic attack on the satellite infrastructure itself.

The AMOS-Spacecom cyberattack is part of a larger, escalating “shadow war” in cyberspace between Iran and Israel. This conflict involves reciprocal attacks targeting the critical national infrastructure of both countries.

Iran uses hacktivist groups like Handala as part of its hybrid warfare strategy to conduct aggressive cyber operations with plausible deniability. This approach uses ideological motivation as a cover for state-directed objectives like intelligence gathering and strategic disruption. Targeting critical national infrastructure is a key feature of this conflict, aimed at causing chaos and weakening the nation. Handala’s attacks on Israel’s nuclear facilities, defense contractors, and AMOS-Spacecom align with this strategy.

The AMOS-Spacecom incident shows that space is now a battleground for geopolitical conflicts on Earth. Nations’ growing reliance on space assets for civilian and military functions makes these systems valuable targets for cyberattacks.

The attack on AMOS-Spacecom marks a potential escalation in Iran’s proxy strategy, moving from terrestrial targets to a national satellite fleet that projects Israeli power globally. This signals an intent to challenge Israel’s strategic international capabilities, suggesting the adversary is growing more confident and ambitious. The Handala attack on AMOS-Spacecom is a serious, ongoing threat that cannot be dismissed despite the group’s tendency to exaggerate. The primary risk is not the leaked data itself but the future, more sophisticated attacks it enables, so the “assume breach” principle must be applied.

Critical infrastructure organizations like AMOS-Spacecom must adopt a heightened security posture. The following recommendations are key to mitigating the current threat and ensuring long-term resilience.