The cyber group "Banished Kitten," operating under the alias "Handala" and affiliated with the Ministry of Intelligence and Security of Iran (MOIS), has once again exposed its own clumsy operations. This time, the group inadvertently revealed confidential access to Suvarnabhumi Airport (BKK) in Bangkok, Thailand, while attempting to claim they had compromised Israeli airport security. As previously reported, "Handala" operates under MOIS's Counter-Terrorism (CT) division, led by Seyed Yahya Hosseini Panjaki (alias "Seyed Yahya Hamidi"), Deputy of Internal Security at MOIS. Hosseini's reckless actions continue to endanger Iran's national interests, further exposing the group's incompetence.
The Blunder
On November 15, 2025, "Handala" published a propaganda piece titled "Smile for the Camera – Handala Is Watching," boasting about access to "Shabak's airport security systems" (Israel's domestic security agency). The post threatened: "Our presence defies your imagination. Handala is not just a name; it's a shadow, a watchful gaze in places you never expect, even at the exit cameras of your airport gates."
There's just one problem: the images aren't from Israel. A simple comparison of the published airport surveillance images with publicly available references clearly identifies the location as Suvarnabhumi Airport (BKK) in Bangkok, Thailand, not Ben Gurion Airport. The evidence is clear: the distinctive exposed steel beam ceiling structure, the immigration hall layout with its recognizable queue barriers, and the terminal's characteristic architecture all unmistakably match Bangkok's main international hub. The images show travelers in the passport control area with Suvarnabhumi's signature industrial ceiling design and escalators visible in the background. Once again, the CT Division's amateur operatives have failed basic operational security. This marks the first time the group has publicly disclosed accessing critical infrastructure outside Israel.
Suvarnabhumi Airport is no small target. According to official statistics, BKK handled 62,234,693 passengers in 2024, making it the busiest airport in Thailand, the 9th busiest airport in Asia, and ranking among the top 25 busiest airports worldwide. The airport serves as a major transit hub connecting Asia, Europe, and the Middle East, with traffic increasing 20% compared to the previous year. Since the airport's third runway opened in November 2024, capacity has expanded to 94 flights per hour, Suvarnabhumi is investing heavily in becoming a world-class hub.
What makes this breach particularly concerning is the sophistication of the systems potentially compromised. Suvarnabhumi Airport operates AI-powered facial recognition technology, license plate tracking, and integrated CCTV systems across the facility. The airport's Thailand Immigration System (TIS) maintains both "black lists" and "watch lists" with detection capabilities within 20 seconds of passport scanning. If MOIS has access to these systems, they could potentially monitor travelers, track movements, and identify targets passing through one of Asia's busiest transit points.
Warning to Iranians
Dear Iranians: even in Thailand, a popular destination and transit point for Iranian citizens traveling abroad, the oppressive regime is watching you. The Islamic Republic's intelligence apparatus has extended its surveillance to monitor Iranians traveling through Bangkok. Whether for business, tourism, or seeking freedom abroad, your movements may be tracked by Seyed Yahya's amateur operatives. With over 62 million passengers transiting through BKK annually, the potential for surveillance and targeting of Iranian dissidents, activists, and ordinary citizens is significant. It should be noted that Thailand is among the limited countries that Iranian citizens can travel to without needing a visa.
It's no surprise that "Handala" continues to make operational security mistakes. As recently exposed by Iran International, Ali Bermoudeh, a 27-year-old amateur hacker from Tabriz whose passwords for key accounts are simply his birthdate, works for this reckless group. His handler at MOIS is Morteza Aftabifar. When your cyber operators can't distinguish between Tel Aviv and Bangkok, and secure their accounts with passwords like "1377629" perhaps it's time for Seyed Yahya to reconsider his recruitment standards.
Thai authorities should be aware: the Islamic Republic's Ministry of Intelligence has compromised security systems at Suvarnabhumi Airport. This is not speculation. MOIS's own cyber group published the evidence themselves. A breach of this magnitude by a state-sponsored threat actor, one designated as a terrorist organization by the European Union, demands immediate investigation and response. But hey, at least they got the continent right this time. The real question is: what will Thailand do about it?
