In the weeks following the escalation between the U.S., Israel, and Iran, widely referred to as Operation Epic Fury, another, less visible front began to take shape online.
While conventional military actions dominated headlines, a parallel conflict unfolded in the digital space, where perception, exposure, and timing became just as critical as firepower.
Amid heightened tensions and global attention, narratives started to shift rapidly. Information, both real and misleading, circulated at speed, blurring the line between verified events and speculation. What emerged was not just a series of incidents, but a broader pattern of digital activity designed to influence how the conflict was understood by the public.
Read: Amid War, Iran's Embassies Turn Memes And Trump Trolling Into A Tool Of Diplomacy
In this environment, cyber operations became more than technical intrusions. They evolved into tools of psychological pressure, capable of shaping reputations, undermining confidence, and amplifying uncertainty. The battlefield was no longer confined to geography; it extended into personal devices, private communications, and the wider information ecosystem.
And as the situation developed, it became increasingly difficult to separate substance from noise.
Genuine breaches, unverified claims, and recycled public data all began to coexist within the same narrative stream, each feeding into a growing sense that something larger and more coordinated was unfolding behind the scenes.
The first major breach emerged on March 20, when Handala claimed access to the email account of Deborah Oppenheimer, a former senior official involved in Israel’s intelligence and national security circles.
They claimed to have extracted and released more than 100,000 sensitive emails. The group framed it as exposing "Zionist propaganda, media manipulation, and covert operations" designed to promote Israeli interests globally. Israeli media treated the breach as genuine, noting it was part of a broader pattern targeting senior officials’ personal and work accounts.
Shortly afterward, between March 25 and 30, Handala escalated its campaign by announcing a breach of the personal Gmail account of Tamir Pardo, the former director of Mossad.
The group released a 14GB of documents and emails as "proof of concept." The material included sensitive personal correspondence, residential addresses, phone numbers (his and his assistant's), travel patterns, and internal documents. Among the highlights: a draft letter criticizing Israeli Prime Minister Benjamin Netanyahu and references to past operations, including alleged links to the assassination of Iranian nuclear scientists. Haaretz and other outlets confirmed the hack had occurred, describing it as part of Handala’s "hack-and-leak" psychological warfare campaign. The group even leaked some of Pardo's business-related emails and a letter addressed to the CIA chief.
On April 9, the campaign reached a new level with claims of prolonged access to a personal device belonging to Herzi Halevi, the former Chief of Staff of the Israel Defense Forces.
Handala said they had been "silently and relentlessly… right at the heart of General Herzi Halevi’s system" for years, collecting more than 19,000 confidential images and videos. What they published include footage and photos from sensitive military briefings, crisis rooms, and base visits; meetings with foreign officials that had been kept secret (e.g., with Jordan’s military chief and a previously undisclosed trip to Qatar involving U.S. Central Command leadership); strategic maps, classified documents, and clear (unblurred) faces of Israeli pilots, commanders, and security operatives; and personal and family moments mixed in with the professional material.
Taken together, these incidents reflect a deliberate strategy focused less on immediate operational disruption and more on psychological impact.
By exposing personal communications, internal dynamics, and glimpses of sensitive environments, the leaks aimed to undermine confidence, create reputational damage, and offer adversaries insight into the thinking and behavior of senior figures. This form of asymmetric cyber warfare prioritizes perception and long-term intelligence value over short-term tactical gain.
Against this backdrop, a separate post began circulating on April 10, claiming to reveal a comprehensive set of coordinates tied to Israeli intelligence sites, military facilities, and even private residences of political leaders.
The timing, coming just after a fragile ceasefire, gave the impression of a dramatic escalation and suggested that deeply classified information had been exposed.
However, closer examination revealed a far less alarming reality.
Unlike the earlier leaks, the coordinates post contained no supporting files, no internal documents, and no verifiable indicators of a breach. Instead, it presented a list of latitude and longitude points paired with brief descriptions—data that, in nearly every case, matched information already available through public sources such as satellite imagery, academic research, media reporting, and open-source intelligence platforms.
Locations such as Mossad’s headquarters in the Glilot area, major airbases, and even the Dimona nuclear facility have long been documented and discussed in public domains. Similarly, the listed residences associated with Benjamin Netanyahu corresponded to addresses that have been widely reported and photographed over the years.
None of this information required unauthorized access to secure systems; it could be compiled through basic research using widely accessible tools.
In the shadowy corners of the internet, some people try to post whatever they can: whether to help Iran, undermine Israel, embarrass the U.S., or simply chase attention in a moment of global tension.
What emerges from that chaos is not a single, coherent narrative, but a flood of competing claims, half-truths, and carefully packaged leaks. Some of it is real, backed by stolen data and quietly acknowledged by officials. But much of it is noise: recycled information, exaggerated claims, or entirely fabricated posts designed to ride the fear and curiosity surrounding the conflict.
This is not accidental.
Groups like Handala have helped blur the line between cyberattack and influence campaign, combining real intrusions with public messaging to amplify their impact. Analysts note that these operations are often designed as much for psychological effect as for technical disruption, turning even limited breaches into global headlines.
As a result, the online space becomes an extension of the battlefield itself. Information is weaponized, credibility is stretched, and timing becomes everything.
A single post, true or false, can spread rapidly if it aligns with what people already fear or expect to be happening behind closed doors.
In that environment, the most dangerous element isn't always the breach itself, but how things spread, and to whose hand the information fall.