Handala claims leak of US Marines data in WhatsApp threat campaign

US Marines stationed around the Persian Gulf received WhatsApp messages from strangers warning them to call home and say their final goodbyes, after the Iran-linked Handala hacking group claimed it had published personal data on 2,379 Marines.

KEY FACTS

  • Threats: Messages said Marines were under surveillance and would be targeted by missiles and drones.
  • Claimed leak: The group said it posted names and phone numbers of 2,379 US Marines.
  • Timing: The messages began arriving on Monday and were followed by a Telegram disclosure a day later.
  • Source of messages: The WhatsApp texts reportedly came from a Bahraini phone number tied to a local business.

The messages sent to Naval Support Activity Bahrain included a warning that the recipients were fully known to missile units and should make final goodbyes. According to a media report, the number used to send the texts was linked to a Bahraini business, which suggests it may have been spoofed or hijacked.

Handala said on its Telegram channel that it had published the names and phone numbers of the Marines and that it also had home addresses, family details and daily routines for tens of thousands of US military personnel in the region. The report said the group has been active through 2026 and has struck US and Israeli targets.

The group describes itself as pro-Palestinian hacktivists, while the US Department of Justice identifies it as a cover operation for Iran’s Ministry of Intelligence and Security. The disclosure also noted that claims from state-linked hacking groups may include old breaches or public data mixed together with fresh material.

In recent months, the group has been tied to attacks on US medical technology firm Stryker and to the breach of FBI Director Kash Patel’s personal Gmail account, according to the report. The use of direct threats against service members appears aimed at intimidation even if the data was assembled from public or brokered sources.

WHY IT MATTERS

The campaign shows how threat actors can use personal details and direct messages to pressure military personnel and their families. Even when the underlying data cannot be independently verified, the messages can still create fear and disruption.