Hackers hijack emergency sirens in kindergartens across Israel

A pro-Palestinian hacker group called Handala reportedly breached emergency systems used in Israeli schools and broadcast rocket sirens and Arabic songs that Israel’s cyber agency called supportive of “terrorism.” Videos shared by Israeli local media appear to show the emergency devices activating and playing songs.

מתקפת סייבר: האקרים השתלטו על מערכות כריזה בכ-20 גני ילדים ומוסדות חינוך והשמיעו הודעות בערבית או התרעות צבע אדום. קבוצת תקיפה אירנית מוכרת (handala) קיבלה אחריות. בנוסף, עשרות אלפי אזרחים קיבלו מסרונים עם מסרי הפחדה (ארז דסה) pic.twitter.com/H4QmbQczhv

— זירת החדשות (@ZiratNews) January 26, 2025

The hackers claimed to have compromised Maagar-Tec, an Israeli electronics firm that operates panic button systems in schools. The company told local media it had disconnected the affected systems and was investigating the breach. Approximately 20 kindergartens, among other educational institutions were impacted, according to reports. The group said it wiped the company's system after sending the alerts.

Maagar-Tec’s website was offline at the time of writing. Israel’s security agencies have launched an investigation into the incident, with the Israel National Cyber Directorate confirming its collaboration with the company and the Ministry of Education to restore services.

“An investigation shows that a cyber group hacked into the interface of a private company that supplies the panic buttons and played songs supporting terrorism and an alarm through it,” the Israel National Cyber Directorate said, in a statement translated to English.

Handala also claimed responsibility for sending intimidating text messages to tens of thousands of Israelis, which the cyber agency said were non-malicious and intended to spread fear. Citizens were advised to block and ignore the messages. The hackers reportedly accessed a Maagar-Tec database to launch the text message campaign.

In a separate claim, Handala alleged on Sunday it had breached Israel’s National Security Ministry servers, stealing four terabytes of sensitive data, including internal communications, video recordings, and personal records of police officers and firefighters. These claims have not been verified by Israeli authorities.

Cybersecurity researchers previously described Handala as a sophisticated group with alleged ties to Iran, often targeting Israel in cyberattacks. While Handala presents itself as motivated by pro-Palestinian ideology, Trellix cautioned last July this could be a façade for other objectives.

In July, Handala took credit for a phishing campaign impersonating cybersecurity firm CrowdStrike, attempting to install wiper malware on Israeli networks. In a statement, the hackers claimed to have launched other attacks, including targeting Israeli Iron Dome radars.