The FBI seized and took down two websites linked to the pro-Iranian hacktivist group Handala, which last week claimed responsibility for a destructive cyberattack against the U.S. medical tech giant Stryker.
As of Thursday, the contents of a website where Handala publicized its hacks, as well as another website that the group used to dox dozens of people over their alleged ties to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, had been replaced by a banner announcing the law enforcement action.
The seizure announcement did not say why the FBI and the Justice Department took down the websites. But the language in the banners appears to indicate U.S. authorities believed these sites were run by hackers linked to a foreign government.
“Law enforcement authorities determined this domain was used to conduct, facilitate, or assist malicious cyber activities on behalf of, or in coordination with, a foreign state actor,” read the seizure announcement. “The US Government has taken control of this domain to disrupt ongoing malicious cyber operations and forestall further exploitation.”
information.killnetswitch confirmed the website’s seizure by checking its nameserver records, which now point to servers controlled by the FBI.
The FBI and the Justice Department did not immediately respond to information.killnetswitch’s request for comment.

In a series of announcements posted on the group’s official Telegram channel on Thursday, Handala acknowledged its websites had been taken offline, calling the seizures “a determined try to silence our voice.”
“This act of digital aggression only serves to highlight the worry and nervousness our actions have instilled in the hearts of those who oppress and deceive,” the hackers wrote. “Though they try to erase the proof and conceal their crimes through censorship and intimidation, their actions only affirm the impact of our mission. The pursuit of justice can’t be stopped by taking down a website, the movement for truth will persist and grow stronger.”
Handala’s X account was also recently suspended.
The group did not respond to a message sent to their official chat account.
Handala has been active at least since the October 7, 2023 attacks by Hamas, and is believed to have ties with the Iranian regime. Last week, the group claimed the attack on U.S. medical company Stryker, which has over 56,000 employees across dozens of countries. The hackers said the hack was in retaliation for the U.S. government missile strike that hit an Iranian school, killing at least 175 people, most of them children.
Last year, Stryker signed a $450 million contract to supply medical devices to the Department of Defense.
Handala reportedly broke into an internal Stryker administrator account, gaining near-unlimited access to the company’s Windows network. At that point, the hackers allegedly took over Stryker’s Intune dashboards, a tool designed to allow the company to manage employee laptops and mobile devices remotely, which included the ability to delete data.
With access to these dashboards, the hackers were reportedly able to wipe devices owned by both the company and its own employees.
On Tuesday, Stryker said it is still restoring its computers and internal network following the hack.
Nariman Gharib, a U.K.-based Iranian activist and independent cyber-espionage investigator, told information.killnetswitch that the takedowns are good news.
“Their organizational and management structure is currently disrupted, and at any moment, members of this group may be targeted by missile strikes, just like other cyber forces of the regime,” Gharib told information.killnetswitch.
“But this doesn’t mean that their actions may stop — no. It’s possible that future leaks may be revealed by this group through media close to the IRGC,” referring to the country’s military.



