The Handala threat group claims to have carried out a cyberattack targeting the Port of Fujairah in the United Arab Emirates, alleging unauthorized access to internal systems and the exfiltration of hundreds of thousands of sensitive documents.
In a statement published May 4, the group claimed responsibility for breaching port infrastructure systems and obtaining more than 430,000 documents, including what it described as classified operational and infrastructure data. The claim follows a series of recent operations attributed to the group, including alleged breaches of defense sector organizations and claims involving exposure of military-related data. At time of publication, authorities in the UAE had not issued any public statement confirming the incident.
Group alleges access to infrastructure and shipping data
According to the claim, the alleged dataset includes contract records, ship traffic information, financial transactions, and detailed maps of oil pipelines and critical infrastructure associated with the port.
Handala claims the data has been made available through its own channels, though no independent verification has confirmed the authenticity or scope of the materials described.
If legitimate, the exposure of infrastructure mapping and operational data could present serious security implications, particularly given Fujairah’s role as a major oil storage and shipping hub in the region.
The group also shared screenshots of purported internal documents, including customs records, invoices, and shipping-related forms, as evidence of the breach. The materials appear consistent with logistics and trade documentation, but their authenticity has not been independently verified.
Claims of coordination with military activity remain unverified
The group also alleges that the cyber operation was coordinated with missile strikes carried out by Iran’s Islamic Revolutionary Guard Corps (IRGC), claiming that the exfiltrated data was used to support targeting of the port.
There is currently no independent confirmation supporting these claims, and no official reports have verified that any cyber-derived intelligence was used in military operations tied to the port.
Such assertions are consistent with information operations aimed at amplifying the perceived impact of cyberattacks during periods of geopolitical tension.
Part of broader campaign targeting regional infrastructure
The alleged attack aligns with a broader pattern of activity attributed to Handala, which has repeatedly claimed operations targeting critical infrastructure and enterprise environments. These include large-scale destructive campaigns against business networks and long-term access to cloud infrastructure environments.
In parallel, broader pro-Iranian cyber activity has escalated across the region, including coordinated campaigns targeting multiple countries, reflecting a growing overlap between cyber operations and geopolitical conflict.
Verification and operational impact remain unclear
There is currently no confirmation that the Port of Fujairah has been breached or that any systems have been compromised. The extent of any operational disruption, if any occurred, remains unknown.
The method of access, timeline of the alleged intrusion, and validity of the claimed data remain unverified. As with similar claims, it is not clear whether the data represents a direct compromise, previously exposed information, or aggregated sources.
Organizations operating in critical infrastructure sectors across the region may face elevated risk of both cyber intrusion attempts and coordinated information operations as tensions continue.
