The FBI seized and took down two web sites linked to the pro-Iranian hacktivist group Handala, which final week claimed duty for a harmful cyberattack towards the U.S. medical tech large Stryker.
As of Thursday, the contents of an internet site the place Handala publicized its hacks, in addition to one other web site that the group used to dox dozens of individuals over their alleged ties to the Israeli navy and protection contractors, equivalent to Elbit Programs and NSO Group, have been changed by a banner asserting the legislation enforcement motion.
The seizure announcement didn’t say why the FBI and the Justice Division took down the web sites. However the language in them seems to point U.S. authorities believed these websites have been run by hackers linked to a international authorities.
“Regulation enforcement authorities decided this area was used to conduct, facilitate, or assist malicious cyber actions on behalf of, or in coordination with, a international state actor,” learn the seizure announcement. “The US Authorities has taken management of this area to disrupt ongoing malicious cyber operations and forestall additional exploitation.”
TechCrunch confirmed the web site’s seizure by analyzing its nameserver information, which now level to servers managed by the FBI.
The FBI and the Justice Division didn’t instantly reply to TechCrunch’s request for remark.
In a collection of bulletins posted on the group’s official Telegram channel on Thursday, Handala acknowledged its web sites have been taken offline, calling the seizures “a determined try to silence our voice.”
“This act of digital aggression solely serves to focus on the worry and nervousness our actions have instilled within the hearts of those that oppress and deceive,” the hackers wrote. “Though they try to erase the proof and conceal their crimes by way of censorship and intimidation, their actions solely affirm the influence of our mission. The pursuit of justice can’t be stopped by taking down an internet site, the motion for reality will persist and develop stronger.”
Handala’s X account was additionally just lately suspended.
The group didn’t reply to a message despatched to their official chat account.
Handala has been active no less than for the reason that October 7, 2023, assaults by Hamas and is believed to have ties with the Iranian regime. Final week, the group claimed the assault on U.S. medical firm Stryker, which has over 56,000 workers throughout dozens of nations. The hackers mentioned the hack was in retaliation for the U.S. government missile strike that hit an Iranian college, killing no less than 175 individuals, most of them kids.
Final yr, Stryker signed a $450 million contract to provide medical units to the Division of Protection.
Handala reportedly broke into an inside Stryker administrator account, gaining near-unlimited access to the corporate’s Home windows community. At that time, the hackers allegedly took over Stryker’s Intune dashboards, a instrument that was designed to permit the corporate to handle worker laptops and cell units remotely, which included the flexibility to delete knowledge.
With entry to those dashboards, the hackers have been reportedly in a position to wipe units owned by each the corporate and its workers.
On Tuesday, Stryker mentioned it’s nonetheless restoring its computer systems and inside community following the hack.
Nariman Gharib, a U.Okay.-based Iranian activist and impartial cyber-espionage investigator, informed TechCrunch that the takedowns are excellent news.
“Their organizational and administration construction is at the moment disrupted, and at any second, members of this group could also be focused by missile strikes, identical to different cyber forces of the regime,” Gharib informed TechCrunch.
“However this doesn’t imply that their actions could cease — no. It’s attainable that future leaks could also be revealed by this group by way of media near the IRGC,” he mentioned, referring to the nation’s navy.
