FBI seizes pro-Iranian hacking group’s websites after damaging Stryker hack


The FBI seized and took down two websites linked to the pro-Iranian hacktivist group Handala, which last week claimed responsibility for a damaging cyberattack against the U.S. medical tech giant Stryker.

As of Thursday, the contents of a website where Handala publicized its hacks, as well as another website that the group used to dox dozens of people over their alleged ties to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, had been replaced by a banner announcing the law enforcement action.

The seizure announcement didn’t say why the FBI and the Justice Department took down the websites. But the language in them appears to indicate U.S. authorities believed these sites were run by hackers linked to a foreign government.

“Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign state actor,” read the seizure announcement. “The United States Government has taken control of this domain to disrupt ongoing malicious cyber operations and prevent further exploitation.”

TechCrunch confirmed the website’s seizure by examining its nameserver records, which now point to servers controlled by the FBI.

The FBI and the Justice Department didn’t immediately respond to TechCrunch’s request for comment.

A website takedown and seizure notice by the FBI and the U.S. Department of Justice, which replaced the contents of two websites linked to the pro-Iranian hacktivist group Handala. Image Credits: TechCrunch / Getty Images

In a series of announcements posted on the group’s official Telegram channel on Thursday, Handala acknowledged its websites had been taken offline, calling the seizures “a desperate attempt to silence our voice.”

“This act of digital aggression only serves to highlight the fear and anxiety our actions have instilled in the hearts of those who oppress and deceive,” the hackers wrote. “Though they attempt to erase the evidence and conceal their crimes through censorship and intimidation, their actions only affirm the impact of our mission. The pursuit of justice cannot be stopped by taking down a website, the movement for truth will persist and grow stronger.”

Handala’s X account was also recently suspended.

The group didn’t respond to a message sent to their official chat account.

Handala has been active at least since the October 7, 2023, attacks by Hamas and is believed to have ties with the Iranian regime. Last week, the group claimed the attack on U.S. medical company Stryker, which has over 56,000 employees across dozens of countries. The hackers said the hack was in retaliation for the U.S. government missile strike that hit an Iranian school, killing at least 175 people, most of them children.

Last year, Stryker signed a $450 million contract to supply medical devices to the Department of Defense.

Handala reportedly broke into an internal Stryker administrator account, gaining near-unlimited access to the company’s Windows network. At that point, the hackers allegedly took over Stryker’s Intune dashboards, a tool that was designed to allow the company to manage employee laptops and mobile devices remotely, which included the ability to delete data.

With access to these dashboards, the hackers were reportedly able to wipe devices owned by both the company and its employees.

On Tuesday, Stryker said it’s still restoring its computers and internal network following the hack.

Nariman Gharib, a U.K.-based Iranian activist and independent cyber-espionage investigator, told TechCrunch that the takedowns are good news.

“Their organizational and management structure is currently disrupted, and at any moment, members of this group may be targeted by missile strikes, just like other cyber forces of the regime,” Gharib told TechCrunch.

“But this doesn’t mean that their activities may stop — no. It’s possible that future leaks may be published by this group through media close to the IRGC,” he said, referring to the country’s military.
