Welcome to Memetic Warfare.

This week we’ll take a look at Handala yet again and one of their latest ventures, RedWanted.

You may have thought that I’d refer to thei latest leak of data from an Israeli political official, but it’s frankly kind of boring. Seems they SIM-swapped him and got access to his messenger accounts and it’s already covered ad nauseum in mainstream media.

So, that story aside, their latest operation of note is named “RedWanted”. RedWanted is their attempt to doxx and expose Israeli engineers allegedly responsible for Israeli missile defense systems.

Handala, an Iranian MOIS-affiliated actor and one of Iran’s most prolific cyber-enabled IO actors, has been up to these shenanigans for a while now (in this case even before their same release of a former Israeli prime minister’s Telegram message backlog) and it seems to me part of a broader trend here: relying on data scraped from LinkedIn or other sources, or just made up, trying to serve a higher operational tempo and trying to get mainstream media coverage in Israel for it (which they do).

RedWanted has offered a reward of 30,000 USD for “valuable information”, though I highly doubt they’d actually pay it in this case to anyone who provides it.

Check out the screenshot from the new domain below:

They’ve added an “official statement”, saying that they aspire to “usher in a new era” in which they claim to release data every Saturday:

They’ve even created a promotional video to amp up the project:

Since this batch, they’ve moved on to drone developers and other groups, and seemingly can’t stop/won’t stop targeting the Israeli defense-industrial base, though seemingly to no avail. They’ve since begun promoting their next leak (which will be released by the time this post is published, if their timer is accurate) claiming to expose information on Israel’s current prime minister. Let’s see what happens next.

I usually prefer to just dive into a few longer pieces, but this week due to a time constraints I will be recommending some publications below:

• ETF’s look at cyber/influence operaitons targeting the space sector, including a lot in Israel. Has a refreshing perspective in that it’s one of the few academic papers that really gets cyber and influence together.

• Silent Push’s look at bulletproof hosting providers, available here.

• Rappler’s look at Chinese influence operations run via a marketnig company in the Philippines, available here.

I’ll finish this with an update: for what I believe may be the first or second time since starting Memetic Warfare, there is a non-zero chance that I don’t publish a new post for a week or two.

See you all soon.