US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes.
The messages, which began arriving on Monday, came signed by the Iran-linked Handala hacking group, that has spent much of 2026 attacking US and Israeli targets.
According to media reports, messages sent to marines at Naval Support Activity Bahrain read:
“Your identities are fully known to our missile units, and every move you make is under our surveillance. Very soon, you will be targeted by our Shahed drones and Kheibar and Ghadeer missiles… We suggest you call your families now and say your final goodbyes.”
The messages reportedly arrived from a Bahraini phone number registered to a local business – most likely because it had been spoofed or hijacked.
A day later, the Handala hacking crew took to its Telegram channel to announce that it had published the names and phone numbers of 2,379 US Marines stationed in the Persian Gulf. The group also boasted that it knows the home addresses and family details, as well as daily commutes, shopping habits, and “nightly leisure activities” of tens of thousands of US military personnel in the region.
Handala, which first surfaced in late 2023, presents itself as a pro-Palestinian hacktivist group. The US Department of Justice, however, publicly identifies it as a cover operation for Iran’s Ministry of Intelligence and Security.
In recent months the group has been very active, with a highly-publicised attack on US medical technology firm Stryker which saw tens of thousands of devices wiped, as well as the breach of FBI Director Kash Patel’s personal Gmail account.
Handala’s claims can not be taken completely at face value. There is a long history of state-sponsored hacking groups recycling old breaches, padding leaks with publicly-available information, and presenting incidents as an intelligence coup. In short, it is quite possible that what Handala “knows” about the US Marines may well have been scraped from data brokers and social media rather than have been gathered recently from secure systems.
But that doesn’t negate the point that the point of a campaign like this is to scare and destabilise members of the US armed forces. If a Marine receives a WhatsApp message naming them and threatening their family, it does not really matter where the data came from.
In short, hackers whether targeting regular members of the public or the armed forces will often try to short-circuit your judgement, and fluster you into taking rash decisions, by making threats that they may have no means to put into action.