U.S. accuses Iran’s authorities of working hacktivist group that hacked Stryker

The U.S. Justice Division accused Iran’s authorities of being behind the hacktivist group Handala, which final week claimed duty for the harmful cyberattack in opposition to the U.S. medical tech big Stryker. 

In a press launch revealed on Thursday, the Justice Division mentioned Iran’s Ministry of Intelligence and Safety (MOIS) is working Handala. 

The Justice Division known as the group a faux activist persona that the Iranian ministry used to hold out “psychological operations” in opposition to the regime’s enemies, to say duty for cyberattacks, and to publish stolen info obtained throughout these hacks. The group additionally known as for the killing of journalists, regime dissidents, and Israeli individuals, per the DOJ. 

The announcement got here hours after the FBI seized two web sites linked to Handala, as first reported by information.killnetswitch. The group used the web sites to publicize its alleged cyberattacks, in addition to to publish the private info of dozens of people that allegedly labored for the Israeli navy and protection contractors. 

Handala took credit score on its web site for the March 11 cyberattack on Stryker, throughout which the hackers remotely wiped tens of 1000’s of worker units. The hackers mentioned the breach was in retaliation for a U.S. air strike on an Iranian faculty, killing dozens of kids.

FBI director Kash Patel was quoted within the DOJ’s press launch as saying that the FBI “took down 4 of their operation’s pillars and we’re not executed.”

Other than the 2 web sites utilized by Handala, the DOJ additionally seized two different domains allegedly utilized by Iran’s MOIS through one other hacktivist persona calling themselves “Justice Homeland” or “Homeland Justice.” The DOJ accused Iranian authorities hackers of utilizing these two domains to say duty for hacking the Albanian authorities in 2022, in a cyberattack that resulted in authorities servers being taken offline and the theft of delicate information. Microsoft additionally linked the assault in opposition to the Albanian authorities to the MOIS.

In an affidavit submitted in court docket to help the seizure of Handala’s web sites, the FBI mentioned that Handala, Justice Homeland, and one other hacktivist persona known as Karma Under, “are a part of the identical conspiracy as a result of they’re operated by the identical people.”

Handala responded to the DOJ’s announcement in an announcement posted on its official Telegram channel, the place the hackers known as the U.S. authorities actions “nothing greater than the newest determined makes an attempt by the US and its allies to silence the voice of Handala.”

DomainTools’ cybersecurity researcher Keith O’Neill advised information.killnetswitch that Handala has already arrange new domains that haven’t but been seized.

The hacking group didn’t reply to a request for remark despatched to a chat account publicized by the hackers, in addition to an electronic mail handle recognized by the Justice Division in its affidavit. 

A spokesperson for Iran’s Everlasting Mission to the United Nations didn’t reply to information.killnetswitch’s request for remark. Stryker additionally didn’t reply to a request for remark.

Alex Orleans, the pinnacle of risk intelligence at Chic Safety who has tracked Iranian hackers for years, advised information.killnetswitch that it’s doable that the folks behind the Handala persona will not be the identical people doing the precise hacking. 

“Handala doesn’t essentially equate, one-to-one, with the actors conducting the actions it’s taking credit score for,” mentioned Orleans. “There could possibly be a number of groups conducting precise intrusions whereas a definite staff is accountable for sustaining the persona — with all of those distinct components coexisting inside a bigger unified MOIS component.”

“There’s a degree of opacity there that may be troublesome to penetrate,” he mentioned.