Iranian-Linked Hackers Leak Thousands of Israeli Military CVs: Strategic Exposure Through Hybrid Warfare

July 11, 2025

In a striking escalation of hybrid warfare, Iranian-affiliated hackers have leaked thousands of detailed résumés belonging to current and former members of Israel’s most sensitive military and intelligence units. More than a data breach, the operation exposes the structural vulnerability of Israel’s defense-to-tech pipeline—where elite IDF experience forms the foundation of civilian cybersecurity and AI industries. By targeting this overlap, Iran is not only gathering long-term intelligence but also aiming to discredit, destabilize, and erode the deterrent edge of the Israeli security apparatus.

An Iranian-affiliated cyber group has leaked a trove of Israeli defense-related résumés, exposing thousands of individuals connected to elite Israeli military, intelligence, and cyber units. The leak, which appears to stem from a breach of the JobInfo recruitment platform or a third-party database, affects current and former members of sensitive units such as Unit 8200, Unit 81, Unit 3060, and Mossad-linked projects. It is one of the most damaging exposures of Israel’s security ecosystem to date and follows a pattern of Iranian "hack-and-leak" operations designed to degrade Israeli deterrence and sow fear within its security and tech communities.

[Images: 1. Unit 3060; 2. Unit 81; 3. Hacking group Handala]

The CVs date from 2014 to 2024 and include names, home addresses, phone numbers, emails, military units, roles, projects, and post-service employment—often with Israeli and international defense contractors. Some individuals now hold executive or technical positions in companies like NSO Group, Elbit, Rafael, and even global tech giants. A few were linked to cyberwarfare, surveillance systems, and drone operations. One résumé belonged to a cyber officer involved in electronic warfare in Gaza; another to a senior AI researcher who served in an elite intelligence unit. Their full contact details were exposed.

The leak is the latest in a string of Iranian cyber operations—at least 20 documented since 2021—targeting Israeli officials, scientists, and infrastructure. These operations often combine espionage, doxxing, and psychological warfare. The perpetrators, likely the group Handala Hack or an affiliated front, have developed sophisticated techniques to exploit Israel’s military-to-civilian talent pipeline. Veterans from elite IDF units often showcase their experience on platforms like LinkedIn or include technical roles in job applications. This structural trait of Israel’s national innovation system—where defense experience is a core asset in tech careers—has become a strategic vulnerability.

💡
Unit 81 is a secret technology unit that is part of the Special Operations Division of the Military Intelligence Directorate, an independent service of the Israel Defense Forces (IDF). The unit focuses on building and supplying cutting-edge technologies to Israeli combat soldiers and spies. It is often related to Unit 8200, which is responsible for signals intelligence (SIGINT) and code decryption. According to a 2021 report by the Israeli business newspaper Calcalist, in the last decade alone 100 veterans of the unit have founded 50 technology companies that have raised US$4 billion, with their accumulated valuations surpassing US$10 billion.

While it remains unclear whether the original breach targeted JobInfo directly or an associated data processor, cybersecurity officials believe the attackers exfiltrated the database months before the leak. The scope of the operation suggests long-term targeting, possibly supported by human intelligence or previous phishing campaigns. Israeli authorities say they are investigating a possible third-party failure and have imposed emergency regulations requiring defense-related firms to upgrade cybersecurity controls.

💡
Armies today rely on an ever-expanding variety of information sources. These include visual data like aerial imagery collected by drones and satellites, data maps depicting enemy movement, photographs and videos taken in the field, audio recordings and text-based data like reports. Unit 3060 develops software and applications designed to streamline and improve the information flow. Among other technological solutions, the unit developed and operates an artificial intelligence-based software called ‘Albert,’ which translates information to a simple graphic interface, similar to a smartphone app, and transmits it to operational forces on the ground.

The implications are severe. Individuals exposed in the dump may face travel bans, surveillance, foreign intelligence targeting, or even arrest under hostile jurisdictions. Indeed, pro-Palestinian groups have already begun using the data to identify and publicize Israeli citizens abroad. Several names have appeared in Telegram channels, accompanied by photos and calls for "accountability." One former drone operator was harassed while traveling in a European country. The use of open-source intelligence and civil legal pressure as a complement to cyber leaks marks a new phase in Iran’s hybrid strategy.

This operation also underscores the erosion of the firewall between classified service and private tech careers in Israel. The digital paper trail of IDF veterans—often detailed and searchable—offers adversaries a map of how military innovation feeds into commercial and dual-use technologies. Iranian intelligence appears to be leveraging these leaks to build targeting profiles, both for psychological effect and strategic counterintelligence. Former cyber operators are especially at risk.

Previous Iranian campaigns had already targeted nuclear scientists, Shin Bet operatives, and individuals linked to Israel’s satellite and missile programs. In one case, an Israeli nuclear official’s details were leaked alongside family information and flight history. In another, an email account belonging to a high-ranking Mossad officer was compromised and impersonated in spear-phishing emails to journalists and researchers.

Since the war in Gaza began, Iran has stepped up its hybrid warfare playbook. The leak of CVs marks a shift toward soft-target exploitation: instead of going after hardened infrastructure, attackers now aim at the exposed transition zone between national service and civilian life. Israel’s tech economy, reliant on military-trained talent, is increasingly at risk.

For Iran, these operations serve multiple goals: discredit Israel’s image, undermine recruitment and morale, seed doubt about operational security, and gather long-term intelligence on the country’s defense ecosystem. For Israel, the response will likely require rethinking not just digital security protocols but the cultural norms around post-service transparency and career progression.

This is no longer about hacking for headlines—it’s about weaponizing visibility, building cumulative pressure, and blurring the lines between civilian and military in the eyes of the world.