The FBI confiscated and dismantled two websites associated with the pro-Iranian hacktivist organization Handala, which had claimed responsibility for a damaging cyber assault on the U.S. medical technology firm Stryker just last week.
As of Thursday, a banner announcing the law enforcement intervention had replaced the content of a site where Handala showcased its hacks, as well as that of another site the group used to reveal personal information about several individuals allegedly connected to the Israeli military and defense contractors such as Elbit Systems and NSO Group.
The announcement regarding the seizure did not specify the reasons the FBI and the Justice Department acted against these websites. However, the wording suggests that U.S. officials believed these sites were managed by hackers with affiliations to a foreign government.
“Law enforcement authorities concluded this domain was employed to execute, facilitate, or assist malicious cyber endeavors on behalf of, or in collaboration with, a foreign state actor,” stated the seizure announcement. “The United States Government has seized control of this domain to disrupt ongoing malicious cyber operations and avert further exploitation.”
TechCrunch verified the seizure of the website by analyzing its nameserver records, which now point to servers managed by the FBI.
The FBI and the Justice Department did not immediately respond to TechCrunch’s request for comment.

In a series of updates shared on the group’s official Telegram channel on Thursday, Handala recognized that their websites had been taken down, labeling the seizures “a desperate attempt to silence our voice.”
“This act of digital aggression merely serves to underline the fear and anxiety our actions have induced in the hearts of those who oppress and deceive,” the hackers stated. “Even though they strive to eliminate the evidence and conceal their misdeeds through censorship and intimidation, their actions only affirm the significance of our mission. The quest for justice cannot be halted by dismantling a website; the movement for truth will endure and strengthen.”
Handala’s X account was also suspended recently.
The group did not reply to a message sent to their official chat account.
Handala has been operational at least since the attacks by Hamas on October 7, 2023, and is thought to have connections with the Iranian government. Last week, they claimed responsibility for the cyberattack against the U.S. medical firm Stryker, which employs over 56,000 people worldwide. The hackers asserted that the attack was a response to the U.S. government missile strike that targeted an Iranian school, resulting in the deaths of at least 175 people, most of whom were children.
Last year, Stryker entered into a $450 million agreement to provide medical equipment to the Department of Defense.
Handala reportedly accessed an internal Stryker administrator account, obtaining nearly unlimited access to the company’s Windows infrastructure. Following this, the hackers allegedly took control of Stryker’s Intune dashboards, which are used to manage employee laptops and mobile devices remotely and include the capacity to delete data.
With access to these dashboards, the hackers reportedly managed to erase devices owned by both the company and its employees.
On Tuesday, Stryker announced it is still in the process of restoring its computers and internal network following the breach.
Nariman Gharib, a U.K.-based Iranian activist and independent cyber-espionage researcher, told TechCrunch that the takedowns are positive news.
“Their organizational and management framework is currently disrupted, and at any time, members of this group might find themselves targeted by missile strikes, just like other cyber units of the regime,” Gharib informed TechCrunch.
“However, this does not imply that their activities will cease — no. It is plausible that future leaks could be disseminated by this group through media outlets affiliated with the IRGC,” Gharib added, referring to the nation’s military.
