Hackers Threaten to Expose Cooperation Between Arab Gulf States and Israel 

A group of hackers allegedly linked to Iran has threatened to release a cache of classified documents and diplomatic correspondence, exposing intelligence cooperation between Israel and Arab Gulf states, demanding increased humanitarian aid to the Gaza Strip to the tune of 600–800 trucks per day to prevent a looming famine.

Source familiar with the matter told Eagle Intelligence Reports that a group identifying itself as “Khiyanahleaks” sent an email titled “Ensure Immediate Aid to Gaza or Eternal Shame on Your Government” to senior officials in the Arab Gulf states. The message claimed the group possesses evidence of covert intelligence collaboration between these states and Israel, demanding the daily delivery of 5,000 metric tons of aid (roughly 500 trucks) to Gaza.

The hackers demanded that 5,000 tons of aid be delivered to Gaza daily or they would release the documents related to intelligence cooperation with Israel

To lend credibility and seriousness to their threat, the group attached a PGP public key and its corresponding fingerprint — a widely used encryption standard for securing digital communications.

In a marked escalation, the hackers also released a 20-megabyte encrypted file via a Tor V3 onion service in a post on their Arabic Telegram channel. The password has not been disclosed, but the group warned it would release the decryption key if their demands are not met, heightening concerns about the exposure of sensitive diplomatic and intelligence materials in the event that the documents prove authentic.

Tor V3, the third generation of onion services within the Tor Network, enables the hosting of websites and services inaccessible via the traditional internet (Clear Web). Onion domain identifies these services to ensure high levels of anonymity and censorship resistance.

According to the source, the group has stored the alleged documents within a VeraCrypt container instead of using a conventional password-protected ZIP archive, showcasing its advanced operational security.

VeraCrypt produces unidentifiable encrypted blob files, which can also host hidden volumes, reinforcing the group’s caution and determination to prevent unauthorized access.

The same source warned if the files possessed by the group are published and verified, they could significantly disrupt regional diplomacy and trigger public outcry in Arab countries, especially in the atmosphere of the ongoing war in Gaza. Moreover, Israel may face exposure of its intelligence methods and the potential loss of key regional partnerships.

A cybersecurity expert, who requested anonymity due to the sensitivity of the issue, noted that the hackers’ use of separate accounts for sending and receiving communications suggests a clear separation of operational roles, a tactic commonly employed to reduce traceability.

The expert added that Proton Mail, a Swiss-based encrypted email service known for stripping IP addresses from email headers, demonstrates the group’s professionalism, as law enforcement authorities would likely require cooperation of the Swiss provider to access metadata.

He further explained that VeraCrypt employs powerful encryption algorithms to generate meaningless, non-interpretable file structures, rendering brute-force decryption virtually impossible without the correct password. He assessed that the container likely holds dozens of sensitive documents and images, given its size and the gravity of the group’s threat.