Operation HamsaUpdate: A Sophisticated Campaign Delivering Wipers Puts Israeli Infrastructure at Risk
ID: 451cd012-278c-53e7-ba8f-5fa5a2ef2867
STIX ID: report--451cd012-278c-53e7-ba8f-5fa5a2ef2867
Feed Name: Intezer Blog
Operation HamsaUpdate is an active, targeted phishing campaign that lures Israeli administrators with F5 BIG-IP-themed messages into executing a multi-stage payload. It deploys a Windows wiper (Hatef) and a Linux wiper (Hamsa) via C# and obfuscated shell/script loaders and a Delphi/AutoIt second stage (Handala), and reports progress to a Telegram channel. The report includes numerous IOCs (file hashes, URLs, bot and channel IDs, and a C2 IP).
