Spotify, Israel Defense Forces and WhatsApp: Pro-Iran hackers claim attack on Spotify as ‘revenge’ for Khamenei killing

Pro-Iran Hacker Groups Launch Coordinated Cyberattacks Targeting Spotify and Israeli Citizens

A pro-Iran hacker collective, the Islamic Cyber Resistance in Iraq – 313 Team, claimed responsibility for a DDoS attack that disrupted Spotify’s services on Tuesday, causing widespread access issues for users. Reports of outages surfaced on Wednesday evening around 8 p.m., with Spotify acknowledging the incident on X (formerly Twitter), stating that its app, support site, and web player were experiencing slowdowns or failures. The group later boasted on Telegram that the attack had "completely disabled" the platform’s main servers.

In a separate campaign, Iran-linked hackers targeted Israeli citizens with threatening WhatsApp messages on Monday, sent from hijacked or spoofed business accounts. The messages, written in English, warned recipients of impending missile strikes if Israel did not cease military actions, referencing "Sayid Majid missiles" and urging civilians to stockpile supplies. The National Cyber Directorate is investigating the source, attributing the activity to Handala, a group known for combining cyberattacks with psychological warfare.

The same group, Handala, also published a "target list" on Sunday allegedly exposing 60 senior officers from the IDF’s Egoz commando unit. However, the list included only 48 individuals, most of whom were veterans and reservists, not active officers, with some openly identifying their past service on social media. The group framed the disclosure as a threat, declaring the individuals would become targets for "the resistance’s shadows." Analysis by The Jerusalem Post found that none of those listed held senior ranks, with the highest being a non-commissioned officer (NCO).

The incidents reflect a broader pattern of Iran-backed cyber operations targeting both digital infrastructure and civilian morale, leveraging disruptions and psychological tactics in ongoing regional tensions.

Source: https://www.jpost.com/middle-east/iran-news/article-896037

Israel Police - Cyber crime unit cybersecurity rating report: https://www.rankiteo.com/company/israel-police---cyber-crime-unit

Spotify cybersecurity rating report: https://www.rankiteo.com/company/spotify

WhatsApp cybersecurity rating report: https://www.rankiteo.com/company/whatsapp.

"id": "ISRSPOWHA1778675186",
"linkid": "israel-police---cyber-crime-unit, spotify, whatsapp.",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Global user base',
                        'industry': 'Music Streaming',
                        'location': 'Global',
                        'name': 'Spotify',
                        'size': 'Large',
                        'type': 'Company'},
                       {'customers_affected': 'Unknown number of WhatsApp '
                                              'users',
                        'industry': 'General Public',
                        'location': 'Israel',
                        'name': 'Israeli Citizens',
                        'size': 'Unknown',
                        'type': 'Individuals'},
                       {'industry': 'Military',
                        'location': 'Israel',
                        'name': 'IDF Egoz Commando Unit Officers '
                                '(Veterans/Reservists)',
                        'size': '48 individuals',
                        'type': 'Individuals'}],
 'attack_vector': ['Network Flooding',
                   'Spoofed/Hijacked Messaging Accounts',
                   'Public Data Leak'],
 'customer_advisories': 'Spotify acknowledged service disruptions on X '
                        '(formerly Twitter)',
 'data_breach': {'number_of_records_exposed': '48',
                 'personally_identifiable_information': 'Yes (names, military '
                                                        'service details)',
                 'sensitivity_of_data': 'Moderate (personal but not highly '
                                        'classified)',
                 'type_of_data_compromised': 'Personal information (names, '
                                             'military affiliation)'},
 'date_detected': '2023-10-18T20:00:00Z',
 'date_publicly_disclosed': '2023-10-18T20:00:00Z',
 'description': 'A pro-Iran hacker collective, the Islamic Cyber Resistance in '
                'Iraq – 313 Team, claimed responsibility for a DDoS attack '
                'that disrupted Spotify’s services, causing widespread access '
                'issues. Separately, Iran-linked hackers targeted Israeli '
                'citizens with threatening WhatsApp messages and published a '
                'target list of IDF officers.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to '
                                       'Spotify and WhatsApp due to service '
                                       'disruptions and misuse of accounts',
            'data_compromised': 'Personal information of 48 individuals (IDF '
                                'veterans/reservists)',
            'downtime': 'Widespread access issues (duration unspecified)',
            'identity_theft_risk': 'Moderate (exposure of personal data of '
                                   'IDF-affiliated individuals)',
            'operational_impact': 'Service slowdowns or failures for Spotify '
                                  'users',
            'systems_affected': ['Spotify app',
                                 'Spotify support site',
                                 'Spotify web player',
                                 'WhatsApp business accounts']},
 'initial_access_broker': {'high_value_targets': 'IDF Egoz commando unit '
                                                 'officers '
                                                 '(veterans/reservists)'},
 'investigation_status': 'Ongoing (National Cyber Directorate)',
 'motivation': ['Disruption of Services',
                'Psychological Impact',
                'Regional Tensions'],
 'references': [{'source': 'Telegram (Islamic Cyber Resistance in Iraq – 313 '
                           'Team)'},
                {'source': 'X (formerly Twitter) - Spotify'},
                {'source': 'The Jerusalem Post'},
                {'source': 'National Cyber Directorate (Israel)'}],
 'response': {'communication_strategy': 'Spotify acknowledged the incident on '
                                        'X (formerly Twitter)',
              'law_enforcement_notified': 'National Cyber Directorate '
                                          '(Israel)'},
 'threat_actor': ['Islamic Cyber Resistance in Iraq – 313 Team', 'Handala'],
 'title': 'Pro-Iran Hacker Groups Launch Coordinated Cyberattacks Targeting '
          'Spotify and Israeli Citizens',
 'type': ['DDoS', 'Psychological Warfare', 'Data Exposure']}