The FBI seized and took down two websites linked to the pro-Iranian hacktivist group Handala, which last week claimed responsibility for a devastating cyber attack against US medical technology giant Stryker.
As of Thursday, the content of a website where Handala posted its hacks, as well as that of another website the group used to denounce dozens of people for their alleged ties to the Israeli military and defense contractors such as Elbit Systems and NSO Group, had been replaced by a banner announcing the enforcement action.
The seizure notice did not say why the FBI and Justice Department took down the websites. But the language of the notices seems to indicate that US authorities believed these sites were run by hackers linked to a foreign government.
“Law enforcement has determined that this domain was used to conduct, facilitate, or support malicious online activities on behalf of or in coordination with a foreign state actor,” the seizure notice said. “The United States government has taken control of this sector to disrupt ongoing malicious cyber operations and prevent further exploitation.”
TechCrunch confirmed the site’s seizure by reviewing its nameserver records, which now point to servers controlled by the FBI.
The FBI and Justice Department did not immediately respond to TechCrunch’s request for comment.
In a series of announcements posted on the group’s official Telegram channel on Thursday, Handala acknowledged that its websites were offline, calling the seizures “a desperate attempt to silence our voice.”
“This act of digital aggression only serves to highlight the fear and anxiety our actions have instilled in the hearts of those who oppress and deceive,” the hackers wrote. “Although they try to erase evidence and hide their crimes through censorship and intimidation, their actions only confirm the impact of our mission. The pursuit of justice cannot be stopped by taking down a website, the movement for truth will persist and grow stronger.”
Handala’s X account was also suspended recently.
The group did not respond to a message sent to its official chat account.
Handala has been active since at least the October 7, 2023 Hamas attacks and is believed to have ties to the Iranian regime. Last week, the group claimed responsibility for the attack on US medical company Stryker, which has more than 56,000 employees in dozens of countries. The hackers said the hack was retaliation for the US government’s missile attack that struck an Iranian school, killing at least 175 people, most of them children.
Last year Stryker signed a $450 million contract for the supply of medical technology products to the Ministry of Defence.
Handala allegedly hacked into an internal Stryker administrator account, gaining almost unlimited access to the company’s Windows network. From there, the hackers reportedly took over Stryker’s Intune dashboards, a tool designed to allow the company to remotely manage employee laptops and mobile devices, which included the ability to wipe data.
By accessing these dashboards, hackers were able to wipe devices belonging to both the company and its employees.
On Tuesday, Stryker said it was still restoring its computers and internal network after the hack.
Nariman Gharib, a UK-based Iranian activist and independent cyberespionage researcher, told TechCrunch that the seizures are good news.
“Their organizational and command structure is currently disrupted, and at any moment, members of this group could be targeted by missile attacks, as could other regime cyber forces,” Gharib told TechCrunch.
“But this does not mean that their activities may stop — no. It is possible that future leaks may be published by this group through media outlets close to the IRGC,” he added, referring to the country’s military.
