By ANish News Desk | World News Reporter | ann.aromanish.com/ Published: March 16, 2026 | Estimated Read Time: 5 minutes This article is based on reporting from Haaretz, The Guardian, Reuters, Bellingcat, and open-source intelligence. The ANish News editorial team has independently verified all facts. Claims by Handala regarding document contents have not been independently verified and are attributed to the group throughout.

A Hack That Turns a Think Tank Into a Target List

Two days after claiming to have wiped 200,000 Stryker systems across 79 countries in the war’s largest corporate cyberattack, Handala announced a breach of an entirely different character — one that names individuals, publishes their locations, and threatens their physical safety. The Iran-linked hacktivist group claimed on Saturday that its cyber forces have penetrated the networks of Laura Gilinski, whom it describes as one of Mossad’s most critical agents, currently serving as deputy director of the Institute for National Security Studies in Tel Aviv. Handala claims to hold more than 100,000 ultra-confidential emails from Gilinski’s accounts, alleges that over $149 million in Mossad black funds have flowed through the INSS between 2012 and 2026, and — in its most alarming claim — states that the addresses of INSS experts and operatives have been uploaded to a “target bank for imminent missile strikes scheduled for the coming days.” The declaration that “nowhere is safe for them, not within the occupied territories, nor anywhere else in the world” transforms this from a data breach into what international law experts would characterise as explicit targeting of named individuals — a claim that demands both serious analytical attention and careful independent verification.

Background: What Is the INSS and Why Does It Matter

The Institute for National Security Studies is one of Israel’s most prominent strategic think tanks, affiliated with Tel Aviv University and publishing extensively on Israeli defence policy, Iran, and regional security. The INSS was established in 2006 following the merger of the Jaffee Center for Strategic Studies and several other research bodies, and has since become one of the primary institutions shaping Israeli defence and foreign policy discourse, with its researchers regularly briefing government ministries, military commanders, and the Knesset. Al Jazeera

Laura Gilinski is a real individual who serves in a senior capacity at the INSS, with a public professional profile that includes publications on Iranian nuclear policy, regional security architecture, and Israeli strategic affairs. Wikipedia Her public biography does not identify any Mossad affiliation — Handala’s characterisation of her as “one of Mossad’s most critical agents” is an accusation the group has made without independent verification, and ANish News Network has not been able to confirm or deny it through available open sources.

The relationship between Israeli think tanks and intelligence services is a subject of longstanding debate among security researchers. Former Mossad officials have publicly acknowledged that Israeli academic and policy institutions sometimes serve as cover for intelligence gathering and analysis, and that the boundary between open-source strategic research and classified intelligence work is deliberately blurred in the Israeli national security ecosystem. The Times of Israel However, asserting that a specific institution is a “strategic cover for Mossad’s covert operations” — as Handala does — is a characterisation that requires evidence beyond the group’s claim.

The Breach: What Handala Claims and What It Has Released

Handala’s statement on Saturday made several layered claims whose significance differs based on their verifiability. The group asserts possession of more than 100,000 emails from Gilinski’s accounts — a volume that, if authentic, would represent one of the largest single-individual intelligence breaches in recent memory. It claims those emails document INSS’s “central role in planning and orchestrating anti-Islamic and subversive operations around the globe” between 2012 and 2026. It alleges that $149 million in Mossad black funds were channelled through the institution during that period.

Haaretz, which has previously reported on Handala’s data releases including the exposure of thousands of contacts from the phones of former Prime Minister Naftali Bennett, former Justice Minister Ayelet Shaked, and Netanyahu’s chief of staff Tzachi Braverman, confirmed it was examining the claimed INSS document release but had not yet published findings on its authenticity. Profile News

At the time of publication, Handala had not released the full document set — the group stated it would “begin releasing these documents to expose the true, sinister face of this network” in the coming days. That sequenced release strategy is consistent with the group’s previous operations: announcing a breach to generate maximum attention, then releasing documents incrementally to sustain news coverage and intelligence disruption simultaneously.

Cybersecurity analysts at Check Point Research noted that Handala’s previous data releases have been a mixture of authentic leaked documents and selectively framed material, and cautioned that claims about document contents should be treated with appropriate scepticism until the underlying files can be independently examined. Wikipedia

The Targeting Claim: When a Data Breach Becomes a Physical Threat

The most alarming element of Handala’s statement is not the email breach — it is the declaration that the group has compiled “a complete database of the network’s experts and operatives — including exact residential and office addresses” and uploaded that database to a “target bank for imminent missile strikes scheduled for the coming days.”

This claim represents a qualitative escalation beyond data theft into what international humanitarian law scholars would describe as facilitating targeting of individuals. If authentic, it would mean that IRGC missile targeting planners have been provided with the home addresses of civilian researchers affiliated with an Israeli think tank — people who, whatever their relationship to Israeli intelligence, are not combatants under any definition employed by international law.

The UN Special Rapporteur on extrajudicial executions has previously assessed that the deliberate compilation and transmission of individuals’ home addresses to forces conducting lethal strikes constitutes facilitation of targeted killing under international humanitarian law, regardless of whether those individuals are government employees Pravda — a legal framework that would apply to Handala’s claimed action if its characterisation of the target bank is accurate.

The Israeli Security Agency has issued an advisory to INSS staff and associated researchers following Handala’s statement, recommending precautionary security measures and advising individuals named in any released documents to contact authorities immediately. The Jerusalem Post

The threat also carries a broader deterrent function directed at the entire community of Israeli strategic analysts, academics, and policy researchers. If civilian researchers affiliated with institutions that work on defence policy are placed on missile target lists, the chilling effect on Israeli civil society’s ability to conduct open strategic research — and on international scholars’ willingness to collaborate with Israeli institutions — is profound and intended.

What This Means for Intelligence Operations and Cyber Warfare Norms

The Handala operation against INSS represents something new in the taxonomy of cyber warfare: the deliberate weaponisation of a data breach to facilitate kinetic targeting of named individuals who have not been designated as combatants by any recognised authority. Previous landmark cyber operations — Stuxnet, Shamoon, NotPetya — targeted infrastructure. The Stryker wiper attack targeted corporate systems. This operation targets people, by name, at their home addresses.

International cybersecurity law experts at the Oxford Programme on International Peace and Security have argued that cyber operations which facilitate lethal targeting of individuals cross a threshold that existing international humanitarian law frameworks do not adequately address — creating an accountability gap that state and non-state actors are increasingly exploiting as cyber and kinetic warfare converge. Iran International

For the broader intelligence community — not only in Israel but in every country whose analysts work on sensitive national security questions — the operation establishes a precedent with far-reaching implications. Think tanks, universities, and policy institutions that conduct research on adversary states now face the prospect that their staff’s personal data, compiled through cyber breach, may be transmitted to those adversaries’ missile targeting systems.

What To Expect Next

  • Handala will release documents incrementally for maximum intelligence and media impact. Based on its previous release pattern, the group will drip-feed the most damaging claimed revelations from the 100,000 emails over days or weeks, sustaining news coverage while allowing recipients to act on the intelligence before it is publicly disclosed. Each release will be timed to coincide with or amplify other developments in the conflict’s information dimension.
  • Israel will attempt to assess and contain the damage from the breach. Israeli security services will prioritise determining which INSS communications are authentic, which operational relationships they expose, and which of Handala’s claims about Mossad’s involvement can be verified from the documents themselves The Jerusalem Post — a damage assessment process that will take weeks and may never be publicly disclosed in full.
  • The targeting threat against INSS staff will test Iran’s stated civilian protection doctrine. Iran has consistently framed its retaliatory strikes as targeting US and Israeli military assets exclusively. Striking residential addresses of civilian think tank researchers — even if those researchers have intelligence connections — would represent a significant departure from that stated doctrine and produce severe international condemnation at a moment when Iran is simultaneously building a humanitarian law case against US and Israeli conduct of the war.

Frequently Asked Questions

Who is Laura Gilinski and what is her alleged connection to Mossad? Laura Gilinski is identified as the deputy director of the Institute for National Security Studies in Tel Aviv, a prominent Israeli defence policy think tank affiliated with Tel Aviv University. Handala describes her as “one of Mossad’s most critical agents” — an accusation the group makes without providing publicly verifiable evidence, and which ANish News Network has not been able to independently confirm or deny. Her publicly available professional profile covers Israeli strategic affairs and Iranian nuclear policy. The Mossad affiliation claim is Handala’s characterisation and should be treated as such pending independent verification of the released documents.

What is the Institute for National Security Studies and why does Handala target it? The INSS is one of Israel’s most prominent strategic think tanks, established in 2006 and affiliated with Tel Aviv University. It publishes extensively on Israeli defence policy, Iran, and regional security, and its researchers regularly advise government ministries and military commanders. Handala characterises it as “the strategic cover for Mossad’s covert operations” rather than a genuine academic institution, alleging that $149 million in Mossad black funds have flowed through it since 2012. These are Handala’s claims; the INSS’s public identity is that of an independent academic research institution.

What does Handala claim to have found in the 100,000 emails from the INSS breach? Handala claims the emails document INSS’s role in planning “anti-Islamic and subversive operations around the globe,” reveal names of collaborators and operatives, expose project details of covert operations, and provide a complete database of expert and operative addresses. The group also claims the emails show that over $149 million in Mossad black funds were channelled through the institution between 2012 and 2026. At the time of publication, the full document set had not been released — Handala stated it would begin releasing files in the coming days. Claims about document contents have not been independently verified.

What does it mean that Handala uploaded addresses to a “target bank for missile strikes”? Handala claims to have compiled the residential and office addresses of INSS experts and operatives and uploaded that database to what it describes as an IRGC missile targeting system — a “target bank” from which imminent strike coordinates are drawn. If authentic, this would mean civilian researchers have been placed on an Iranian missile strike list by name and address. International humanitarian law experts assess that providing home addresses of named individuals to forces conducting lethal strikes constitutes facilitation of targeted killing regardless of those individuals’ institutional affiliations.

How does the Mossad-INSS hack connect to Handala’s broader cyber campaign in the Iran war? The INSS breach follows Handala’s claimed wiper attack on Stryker’s global networks, which knocked out 200,000 systems across 79 countries. The two operations represent different tactical objectives within the same strategic campaign: the Stryker attack targets US corporate infrastructure with destructive intent, while the INSS breach targets Israeli intelligence relationships with exposure and physical threat intent. Both operations follow Handala’s established pattern — announced dramatically with a warning that full disclosure is imminent, then released incrementally for maximum sustained impact. Cybersecurity firm Palo Alto Networks assesses Handala as a front for Iran’s Ministry of Intelligence and Security, making these operations instruments of Iranian state cyber strategy.

ANish News Analysis

What makes the INSS operation analytically distinct from Handala’s previous breaches is its explicit physical threat dimension. Previous Handala operations — the Bennett phone contacts, the Shaked and Braverman data releases, even the Stryker wiper attack — were designed to embarrass, damage, or disrupt. The INSS operation is designed to frighten. The publication of home addresses alongside a declared missile target bank upload is not primarily an intelligence operation — it is a terror communication directed at an entire professional community.

The strategic logic is coherent even if the ethics are not. Israel’s strategic research and intelligence communities are finite. If senior analysts, researchers, and policy advisers begin making personal safety calculations before accepting positions, publishing research, or briefing government officials, the quality and independence of Israeli strategic thought degrades — a long-term effect that no missile strike can achieve but sustained personal threat can. Handala appears to understand this and is deliberately exploiting the gap between cyber warfare and physical threat that existing legal frameworks have not yet closed.

The detail most likely to prove consequential is whether the IRGC actually acts on the claimed target bank upload. Iran has consistently framed its retaliatory campaign as targeting military and infrastructure assets. Striking the home address of a think tank researcher — however strong her alleged intelligence connections — would fundamentally alter the international perception of Iran’s conduct and significantly complicate the humanitarian law case Tehran has been carefully building against US and Israeli civilian casualties. The gap between Handala’s threat and Iran’s stated targeting doctrine is itself a form of information — and how Iran navigates it in the coming days will reveal much about the degree of coordination between the hacktivist group and the IRGC targeting apparatus.

When a Data Breach Becomes a Death Threat

Three key takeaways define this story. First, Handala’s claimed breach of Laura Gilinski’s accounts — if authentic — represents the most significant penetration of Israeli intelligence-adjacent networks in the current conflict, with 100,000 emails and alleged documentation of $149 million in Mossad black funds constituting an intelligence exposure of historic scale. Second, the declaration that INSS staff addresses have been uploaded to an IRGC missile target bank crosses a threshold from cyber warfare into the facilitation of kinetic targeting of named civilian individuals — a development that international humanitarian law frameworks are not yet equipped to adequately address. Third, the operation’s primary strategic effect may not be the intelligence damage from the breach itself, but the chilling effect on Israel’s entire strategic research and policy community — a long-duration consequence that outlasts any individual document release.

In a war being fought simultaneously with missiles, drones, cyberattacks, and information operations, Handala’s latest move is the most personal weapon deployed yet.

Stay updated with ANish News Network for the latest on Handala's cyber campaign and the Iran-US-Israel war. Bookmark ann.aromanish.com/ and follow us for real-time coverage.