FBI Seizes Pro-Iranian Hacking Group's Websites After Destructive Stryker Hack


The FBI seized and took down two websites linked to the pro-Iranian hacktivist group Handala, which last week claimed responsibility for a destructive cyberattack against the U.S. medical tech giant Stryker.

As of Thursday, the contents of a website where Handala publicized its hacks, as well as another website that the group used to dox dozens of people over their alleged ties to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, were replaced by a banner announcing the law enforcement action.

The seizure announcement did not say why the FBI and the Justice Department took down the websites. But the wording of the banner indicates that U.S. authorities believed the sites were run by hackers linked to a foreign government.

"Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign government actor," read the seizure announcement. "The United States Government has taken control of this domain to disrupt ongoing malicious cyber operations and prevent further exploitation."

TechCrunch confirmed the seizure of the websites by examining their nameserver (NS) records, which now point to servers controlled by the FBI. A delegation change at the registry is a stronger signal than the banner itself, since anyone can copy the banner's HTML onto a page they control.
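The check described above, written out as an added example (this is not TechCrunch's code, and the article does not say which nameservers the seized domains now use). It normalises `dig +short NS` output and reports whether the delegation has moved into a seizure zone. The zone name `fbi.seized.gov`, the sample `dig` output and the `check_seizure.py` file name are assumptions for illustration:

```python
"""Confirm a domain seizure from its NS records (added example; not TechCrunch's code).

Assumption (not stated in the article): seized domains are delegated to a
nameserver zone such as fbi.seized.gov. Edit SEIZURE_NS_SUFFIXES to taste.
"""
from __future__ import annotations

# Assumed seizure zones; the article names none. Matching is suffix-based so
# any host beneath a listed zone (ns1.fbi.seized.gov, ...) counts.
SEIZURE_NS_SUFFIXES: tuple[str, ...] = ("fbi.seized.gov",)

# Constructed sample in the shape of `dig +short NS <domain>` output; these
# hostnames are illustrative, not a capture of the Handala domains.
SAMPLE_DIG_OUTPUT = """\
ns1.fbi.seized.gov.
NS2.FBI.SEIZED.GOV.
"""


def parse_ns_records(dig_output: str) -> list[str]:
    """Normalise `dig +short NS` output: lowercase, drop the trailing dot,
    skip blank lines and dig's own ';'-prefixed warnings."""
    records: list[str] = []
    for line in dig_output.splitlines():
        name = line.strip().lower().rstrip(".")
        if name and not name.startswith(";"):
            records.append(name)
    return records


def _under_zone(host: str, zone: str) -> bool:
    """True if host is the zone itself or a name beneath it (label-aware,
    so 'notfbi.seized.gov.example' does not match by substring)."""
    return host == zone or host.endswith("." + zone)


def classify_nameservers(records: list[str],
                         suffixes: tuple[str, ...] = SEIZURE_NS_SUFFIXES) -> str:
    """Return one of:
      'seized'     - every NS is under a seizure zone (delegation moved);
      'mixed'      - only some are: propagation in progress or a stale cache,
                     so re-query the TLD's authoritative servers before
                     drawing a conclusion;
      'not_seized' - none are;
      'unknown'    - nothing to judge from (NXDOMAIN, SERVFAIL, empty answer).
    """
    if not records:
        return "unknown"
    hits = [r for r in records if any(_under_zone(r, z) for z in suffixes)]
    if len(hits) == len(records):
        return "seized"
    if hits:
        return "mixed"
    return "not_seized"


if __name__ == "__main__":
    import subprocess
    import sys

    # Live use: `python check_seizure.py example.org` shells out to dig,
    # which must be installed; with no arguments it classifies the sample.
    if len(sys.argv) == 1:
        print("sample:", classify_nameservers(parse_ns_records(SAMPLE_DIG_OUTPUT)))
    for domain in sys.argv[1:]:
        out = subprocess.run(["dig", "+short", "NS", domain],
                             capture_output=True, text=True, check=False).stdout
        recs = parse_ns_records(out)
        print(f"{domain}: {classify_nameservers(recs)} {recs}")
```

A `mixed` result is the case worth pausing on: your recursive resolver may still be serving the pre-seizure delegation from cache, so repeat the query with `+norecurse` against one of the TLD's authoritative servers, where a registry-level change shows up first.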

The FBI and the Justice Department did not immediately respond to TechCrunch's request for comment.

A website takedown and seizure announcement by the FBI and the U.S. Department of Justice, which replaced the contents of two websites linked to the pro-Iranian hacktivist group Handala. (Image credits: TechCrunch / Getty Images)

In a series of announcements posted on the group's official Telegram channel on Thursday, Handala acknowledged its websites were taken offline, calling the seizures "a desperate attempt to silence our voice."

"This act of digital aggression only serves to highlight the fear and anxiety our actions have instilled in the hearts of those who oppress and deceive," the hackers wrote. "Although they try to erase the evidence and hide their crimes through censorship and intimidation, their actions only confirm the impact of our mission. The pursuit of justice cannot be stopped by taking down a website; the movement for truth will persist and grow stronger."

Handala's X account was also recently suspended.

The group did not respond to a message sent to its official chat account.

Handala has been active at least since the October 7, 2023 attacks by Hamas, and is believed to have ties with the Iranian regime. Last week, the group claimed the attack on the U.S. medical company Stryker, which has over 56,000 employees across dozens of countries. The hackers said the hack was in retaliation for the U.S. government missile strike that hit an Iranian school, killing at least 175 people, most of them children.

Last year, Stryker signed a $450 million contract to supply medical devices to the Department of Defense.

Handala reportedly broke into an internal Stryker administrator account, gaining near-unlimited access to the company's Windows network. From there, the hackers allegedly took over Stryker's Intune dashboards, the tool the company used to manage employee laptops and mobile devices remotely, which includes the ability to remotely wipe a device's data.

With access to these dashboards, the hackers were reportedly able to wipe devices owned by both the company and its own employees.
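A remote wipe is a legitimate, if rare, admin action (a lost phone, an offboarding), so the signal a defender can key on in the scenario above is not a wipe but a burst of wipes from one account. The following is an added detection example, not code from TechCrunch, Stryker or Microsoft. It assumes an export of Intune audit events in roughly the shape of Microsoft Graph's `deviceManagement/auditEvents` (`activityDateTime`, `activityType`, `actor.userPrincipalName`, `resources[].displayName`); the field names, the `activityType` vocabulary (`wipe ...`, `retire ...`), the account names and the timestamps are all assumptions built for the sample, not real log data:

```python
"""Flag bursts of remote-wipe commands in an Intune audit export (added example;
not TechCrunch's, Stryker's or Microsoft's code). Field names and activityType
strings are assumed; adapt them to your own export."""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _ev(ts: str, activity: str, actor: str, device: str) -> dict:
    """Build one constructed audit event in the assumed Graph-like shape."""
    return {"activityDateTime": ts, "activityType": activity,
            "actor": {"userPrincipalName": actor},
            "resources": [{"displayName": device}]}


# Constructed sample: five destructive actions by one account inside three
# minutes, one routine wipe by the helpdesk the day before, one config change.
SAMPLE_AUDIT_EXPORT = json.dumps([
    _ev("2026-03-12T03:00:05Z", "createOrUpdate DeviceConfiguration", "itadmin@corp.example", "Baseline-Win11"),
    _ev("2026-03-12T03:01:10Z", "wipe ManagedDevice", "itadmin@corp.example", "LAPTOP-0001"),
    _ev("2026-03-12T03:01:42Z", "wipe ManagedDevice", "itadmin@corp.example", "LAPTOP-0002"),
    _ev("2026-03-12T03:02:15Z", "wipe ManagedDevice", "itadmin@corp.example", "LAPTOP-0003"),
    _ev("2026-03-12T03:02:50Z", "retire ManagedDevice", "itadmin@corp.example", "PHONE-0004"),
    _ev("2026-03-12T03:03:30Z", "wipe ManagedDevice", "itadmin@corp.example", "LAPTOP-0005"),
    _ev("2026-03-11T14:20:00Z", "wipe ManagedDevice", "helpdesk@corp.example", "PHONE-0017"),
])

# Assumed vocabulary: the first word of activityType names the verb.
DESTRUCTIVE_VERBS = ("wipe", "retire")


def is_destructive(activity_type: str) -> bool:
    """True for actions that remove data or management from a device."""
    words = activity_type.split()
    return bool(words) and words[0].lower() in DESTRUCTIVE_VERBS


def load_events(raw: str) -> list[dict]:
    """Parse the export into flat, UTC-normalised, time-ordered records."""
    events = []
    for e in json.loads(raw):
        # fromisoformat on older Pythons rejects a bare 'Z'; spell it out.
        ts = datetime.fromisoformat(e["activityDateTime"].replace("Z", "+00:00"))
        events.append({
            "ts": ts.astimezone(timezone.utc),
            "actor": e["actor"]["userPrincipalName"].lower(),
            "type": e["activityType"],
            "devices": [r.get("displayName", "?") for r in e.get("resources", [])],
        })
    events.sort(key=lambda x: x["ts"])
    return events


def find_wipe_bursts(events: list[dict], threshold: int = 3,
                     window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Sliding window per actor: alert when `threshold` or more destructive
    actions by the same account fall within `window`. One alert per actor,
    covering every destructive action from the burst's start to the end of
    the window, so the device list is what an IR team needs to scope."""
    per_actor: dict[str, list[dict]] = defaultdict(list)
    for e in events:
        if is_destructive(e["type"]):
            per_actor[e["actor"]].append(e)

    alerts = []
    for actor, evs in per_actor.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                limit = evs[start]["ts"] + window
                burst = [x for x in evs[start:] if x["ts"] <= limit]
                alerts.append({
                    "actor": actor,
                    "count": len(burst),
                    "first": burst[0]["ts"].isoformat(),
                    "last": burst[-1]["ts"].isoformat(),
                    "devices": [d for x in burst for d in x["devices"]],
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in find_wipe_bursts(load_events(SAMPLE_AUDIT_EXPORT)):
        print(json.dumps(alert, indent=2))
```

Tune `threshold` and `window` against your own baseline of wipe activity; a large fleet may see several legitimate wipes an hour from a helpdesk queue. The rule is reactive by design: by the time it fires, some devices are already wiped, which is why who can issue a wipe at all (scoped Intune roles, admin accounts that are not also daily-driver accounts) matters more than the detection.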

On Tuesday, Stryker said it is still restoring its computers and internal network following the hack.

Nariman Gharib, a U.K.-based Iranian activist and independent cyber-espionage researcher, told TechCrunch that the takedowns are good news.

"Their organizational and management structure is currently disrupted, and at any moment, members of this group may be targeted by missile strikes, just like other cyber forces of the regime," Gharib told TechCrunch.

"But this does not mean that their activities may end — no. It is possible that future leaks may be published by this group through media close to the IRGC," he said, referring to Iran's Islamic Revolutionary Guard Corps.
