Disclaimer: This is a cybersecurity blog focused primarily on reporting the technical aspects surrounding the event. While we acknowledge the geopolitical implications of certain events and recognize that our reporting may lean towards the Western perspective, our goal is still to keep the discussion centered around technology, potential supply chain attacks, and their security implications.
As you may have already read, a recent incident in Lebanon involved the explosion of communication devices, specifically IC-V82 radios.
These radios, which have been discontinued for several years, were reportedly used by Hezbollah members in Lebanon and parts of Syria. The explosions resulted in thousands of injuries, and several deaths were reported. Initial reports suggest that these devices may have been tampered with, potentially after procurement, raising concerns about the safety and integrity of communication equipment in conflict regions, and honestly worldwide.
Given the nature of this attack, it was expected to stir paranoia. I can honestly say that many friends and family members have become increasingly wary of portable devices. As we are now discovering, ordinary devices can become tools of destruction if compromised. We can only ask, at this stage, what else has already been tampered with.
Back to the news: since May 2024, the pro-Palestinian hacktivist group Handala has been actively targeting Israeli organizations. They are known for their aggressive tactics, following a familiar pattern: wiping systems, exfiltrating sensitive data, and publicly leaking it.
As Handala ramps up their operations (possibly by collaborating with other threat actors), they’ve recently made bold and alarming claims regarding a large-scale supply chain attack involving Israeli companies Vidisco and Israeli Industrial Batteries (IIB), with alleged ties to Mossad and Unit 8200.
Handala’s Statement on the Operation
The operation of the last two days was a series of joint actions of the Mossad and Unit 8200 and a number of shell companies of the Zionist regime! Handala’s hackers, during extensive hacking in recent hours, were able to obtain very secret and confidential information from the operations of the past days, and all the documents will be published in the coming hours!
The group provided a detailed summary of the operation:
- Supply Chain Attack. Contaminated pager batteries with heat-sensitive explosives were planted at the country of origin.
- Companies Involved. The contamination allegedly took place at IIB, an Israeli company producing energy infrastructure for defense and military industries.
- Mossad’s Role. Mossad reportedly coordinated the transport of these explosives to bypass detection.
- Vidisco Involvement. Vidisco’s backdoor technology, used in X-ray systems at global airports and seaports, allegedly allowed Mossad to smuggle these batteries undetected.
- Data Breach. Handala claims to have hacked Vidisco and IIB, obtaining 14TB of sensitive data, including source code and confidential communications.
Credibility of Handala’s Claims
While Handala has a track record of accurately naming victims in previous attacks, there is as yet no tangible proof.
Handala has previously demonstrated credible targeting of victims; however, this particular operation is more complex and international in scope, so we will treat the information with caution.
The Origin of the Exploding Walkie-Talkies
The device manufacturer that was linked to the Lebanese battery explosion is Icom, a Japanese radio and walkie-talkie manufacturer. They claimed that the damage was centered around the battery compartment, and the product may have been tampered with after procurement.
According to the company’s director, Yoshiki Enomoto, they have yet to confirm whether the specific devices involved in the incident were authentic Icom products; as you may guess, many counterfeit versions exist in the market.
We cannot rule out the possibility that they are fakes, but there is also a chance the products are our IC-V82 model
However, he acknowledged that some of the affected devices could have been Icom’s discontinued models.
It is difficult to determine the distribution channels without checking the serial numbers
Moving Forward
As of September 19th, 2024, Handala has begun dumping data on Telegram, claiming to show cooperation between Mossad and Vidisco.
I will continue monitoring this story as more information becomes available.
Update: As of 3 PM on September 19th, Handala has begun releasing data dumps on Telegram, claiming the files include sensitive cooperation documents between Mossad and Vidisco. Further verification and analysis are expected in the coming hours.
Update, September 20th: As of the latest updates, the series of explosions in Lebanon involving Icom IC-V82 radios has escalated, resulting in a death toll of 37. (Source)
Icom has confirmed that the devices were discontinued in 2014 and that they are actively investigating the situation.
Update October:
Handala continued its cyber offensive, releasing a significant data leak involving 20GB of sensitive Israeli information. This leak includes details of 84 individuals reportedly linked to the Lebanon radio explosion incident, as well as confidential administrative documents from Vidisco. Handala claims these documents expose deeper ties between Vidisco and Mossad, including allegations that Vidisco’s X-ray systems contain backdoors exploited by Israeli intelligence to monitor global airport security.
The group also released 6TB of data allegedly taken from Vidisco and Israeli Industrial Batteries (IIB), which includes internal communications and backdoor source code. This leak, according to Handala, could potentially escalate the conflict by revealing ties between IIB and Hezbollah, including claims of explosive-laden batteries.