Handala Hack Targets U.S. Troops with Doxxing Threats in Bahrain

Handala (aka Void Manticore / Storm-0842), an Iran-aligned intelligence-linked actor, has escalated from operations targeting Israeli infrastructure to attacks and doxxing against U.S. entities and personnel in 2026; the group has claimed destructive wiper campaigns (including a large disruption of Stryker via Microsoft Intune abuse), published doxxed records of thousands of U.S. service members, and uses a mix of custom wipers, social engineering, and legitimate admin channels — the report includes MITRE TTP mappings and actionable IOCs (IPs, URLs, file hashes).