The U.S. Justice Department accused Iran’s government of being behind the hacktivist group Handala, which last week claimed responsibility for the destructive cyberattack against the U.S. medical tech giant Stryker.
In a press release published on Thursday, the Justice Department said Iran’s Ministry of Intelligence and Security (MOIS) is operating Handala.
The Justice Department called the group a fake activist persona that the Iranian ministry used to carry out “psychological operations” against the regime’s enemies, to claim responsibility for cyberattacks, and to publish stolen information obtained during those hacks. The group also called for the killing of journalists, regime dissidents, and Israeli people, per the DOJ.
The announcement came hours after the FBI seized two websites linked to Handala, as first reported by TechCrunch. The group used the websites to publicize its alleged cyberattacks, as well as to publish the personal information of dozens of people who allegedly worked for the Israeli military and defense contractors.
Handala took credit on its website for the March 11 cyberattack on Stryker, during which the hackers remotely wiped tens of thousands of employee devices. The hackers said the breach was in retaliation for a U.S. air strike on an Iranian school, which killed 168 children, according to Iranian officials.
FBI director Kash Patel was quoted in the DOJ’s press release as saying that the FBI “took down four of their operation’s pillars and we’re not done.”
Apart from the two websites used by Handala, the DOJ also seized two other domains allegedly used by Iran’s MOIS via another hacktivist persona calling themselves “Justice Homeland” or “Homeland Justice.” The DOJ accused Iranian government hackers of using those two domains to claim responsibility for hacking the Albanian government in 2022, in a cyberattack that resulted in government servers being taken offline and the theft of sensitive data. Microsoft also linked the attack against the Albanian government to the MOIS.
In an affidavit submitted in court to support the seizure of Handala’s websites, the FBI said that Handala, Justice Homeland, and another hacktivist persona called Karma Below, “are part of the same conspiracy because they’re operated by the same individuals.”
Handala responded to the DOJ’s announcement in a statement posted on its official Telegram channel, where the hackers called the U.S. government actions “nothing more than the latest desperate attempts by the US and its allies to silence the voice of Handala.”
DomainTools’ cybersecurity researcher Keith O’Neill told TechCrunch that Handala has already set up new domains that haven’t yet been seized.
The hacking group didn’t respond to a request for comment sent to a chat account publicized by the hackers, as well as an email address identified by the Justice Department in its affidavit.
A spokesperson for Iran’s Permanent Mission to the United Nations didn’t respond to TechCrunch’s request for comment. Stryker also didn’t respond to a request for comment.
Alex Orleans, the head of threat intelligence at Sublime Security who has tracked Iranian hackers for years, told TechCrunch that it’s possible that the people behind the Handala persona are not the same individuals doing the actual hacking.
“Handala doesn’t necessarily equate, one-to-one, with the actors conducting the activities it’s taking credit for,” said Orleans. “There could be multiple teams conducting actual intrusions while a distinct team is responsible for maintaining the persona — with all of these distinct elements coexisting within a larger unified MOIS element.”
“There’s a level of opacity there that can be difficult to penetrate,” he said.
