FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack


The FBI seized and took down two websites linked to the pro-Iranian hacktivist group Handala, which last week claimed responsibility for a destructive cyberattack against the U.S. medical tech giant Stryker.

As of Thursday, the contents of a website where Handala published its hacks, as well as another website that the group used to dox dozens of people over their alleged ties to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, were replaced by a banner announcing the law enforcement action.

The seizure announcement did not say why the FBI and the Justice Department took down the websites. But the message on them appears to indicate that U.S. authorities believed these sites were run by hackers linked to a foreign government.

“Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign government actor,” read the seizure announcement. “The United States Government has taken control of this domain to disrupt ongoing malicious cyber operations and prevent further exploitation.”

TechCrunch confirmed the website’s seizure by examining its nameserver records, which now point to servers controlled by the FBI.

The FBI and the Justice Department did not immediately respond to TechCrunch’s request for comment.

A website takedown and seizure announcement by the FBI and the U.S. Department of Justice, which replaced the contents of two websites linked to the pro-Iranian hacktivist group Handala. (Image: TechCrunch)

In a series of announcements posted on the group’s official Telegram channel on Thursday, Handala acknowledged its websites were taken offline, calling the seizures “a desperate attempt to silence our voice.”

“This act of digital aggression only serves to highlight the fear and anxiety our actions have instilled in the hearts of those who oppress and deceive,” the hackers wrote. “Although they try to erase the evidence and hide their crimes through censorship and intimidation, their actions only confirm the impact of our mission. The pursuit of justice cannot be stopped by taking down a website; the movement for truth will persist and grow stronger.”

Handala’s X account was also recently suspended.

The group did not respond to a message sent to their official chat account.

Handala has been active at least since the October 7, 2023 attacks by Hamas, and is believed to have ties with the Iranian regime. Last week, the group claimed the attack on U.S. medical company Stryker, which has over 56,000 employees across dozens of countries. The hackers said the hack was in retaliation for the U.S. government missile strike that hit an Iranian school, killing at least 175 people, most of them children.

Last year, Stryker signed a $450 million contract to supply medical devices to the Department of Defense.

Handala reportedly broke into an internal Stryker administrator account, gaining near-unlimited access to the company’s Windows network. At that point, the hackers allegedly took over Stryker’s Intune dashboards, a tool designed to allow the company to manage employee laptops and mobile devices remotely, which included the ability to delete data.

With access to these dashboards, the hackers were reportedly able to wipe devices owned by both the company and its own employees.

On Tuesday, Stryker said it is still restoring its computers and internal network following the hack.

Nariman Gharib, a U.K.-based Iranian activist and independent cyber-espionage researcher, told TechCrunch that the takedowns are good news.

“Their organizational and management structure is currently disrupted, and at any moment, members of this group may be targeted by missile strikes, just like other cyber forces of the regime,” Gharib told TechCrunch.

“But this does not mean that their activities may stop — no. It is possible that future leaks may be published by this group through media close to the IRGC,” referring to the country’s military.
