Ransomware Group: HANDALA

VICTIM NAME: Amos Spacecom

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the HANDALA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

Handala Hack Team claims to have breached Amos Spacecom (Space Communication Ltd.), the operator of the AMOS satellite network. The attackers assert that all sensitive information—military, governmental, and security data transmitted and stored within Amos Spacecom’s infrastructure—has been captured. They describe the AMOS satellite network as enabling strategic communications for military and government agencies across Europe, the Middle East, Africa, and Asia, with operations in the C, Ku, and Ka frequency bands to provide secure data transmission and command-and-control capabilities for defense operations. The leak page states that 379 gigabytes of Amos Spacecom’s data, including data from 19 ground stations across six countries, are now in Handala Hack’s possession. As proof, the post mentions that thousands of orbital satellite communications will be released and includes one PoC download link on the page. The material is framed as highly sensitive, with an assertion that exposure could severely impact national security and disrupt essential defense operations. The page features 15 images as attachments, described only in general terms without detailing their specific content.

Post date: 2025-09-27 16:52:40.559718. Because a separate compromise date is not provided, this timestamp is treated as the post date. The page contains inflammatory political rhetoric and threats, delivered in a provocative tone, alongside claims of extensive data exfiltration. There is no explicit ransom amount stated on the page. A password-like token appears in the text (redacted in this summary), and there is a single PoC link offered as part of the leakage. The claim of 379 GB of exfiltrated data from 19 ground stations across six countries underscores the potential risk to Amos Spacecom’s satellite infrastructure and the defense communications it supports.