{"id":3488535,"date":"2026-03-19T15:10:32","date_gmt":"2026-03-19T15:10:32","guid":{"rendered":"https:\/\/techingeek.com\/index.php\/2026\/03\/19\/fbi-takes-control-of-websites-belonging-to-pro-iranian-hacking-collective-following-damaging-stryker-breach\/"},"modified":"2026-03-19T15:10:32","modified_gmt":"2026-03-19T15:10:32","slug":"fbi-takes-control-of-websites-belonging-to-pro-iranian-hacking-collective-following-damaging-stryker-breach","status":"publish","type":"post","link":"https:\/\/techingeek.com\/index.php\/2026\/03\/19\/fbi-takes-control-of-websites-belonging-to-pro-iranian-hacking-collective-following-damaging-stryker-breach\/","title":{"rendered":"FBI takes control of websites belonging to pro-Iranian hacking collective following damaging Stryker breach"},"content":{"rendered":"

The FBI confiscated and dismantled two websites associated with the pro-Iranian hacktivist organization Handala, which had claimed responsibility for a damaging cyber assault on the U.S. medical technology firm Stryker just last week.\u00a0<\/p>\n

As of Thursday, the content of a site where Handala showcased its hacks, along with another site the group utilized to reveal personal information about several individuals allegedly connected to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, was replaced by a banner indicating the law enforcement intervention.\u00a0<\/p>\n

The announcement regarding the seizure did not specify the reasons the FBI and the Justice Department acted against these websites. However, the wording suggests that U.S. officials believed these sites were managed by hackers with affiliations to a foreign government.<\/p>\n

\u201cLaw enforcement authorities concluded this domain was employed to execute, facilitate, or assist malicious cyber endeavors on behalf of, or in collaboration with, a foreign state actor,\u201d stated the seizure announcement. \u201cThe United States Government has seized control of this domain to disrupt ongoing malicious cyber operations and avert further exploitation.\u201d<\/p>\n

TechCrunch verified the seizure of the website by analyzing its nameserver records, which now direct to servers managed by the FBI.\u00a0<\/p>\n

The FBI and the Justice Department have not promptly replied to TechCrunch\u2019s request for comments.<\/p>\n

\"A
A notice regarding the takedown and seizure by the FBI and the U.S. Department of Justice, which replaced the contents of two websites tied to the pro-Iranian hacktivist group Handala. (Image: TechCrunch)<\/span>Image Credits:<\/strong>TechCrunch \/ Getty Images<\/span><\/figcaption><\/figure>\n

In a series of updates shared on the group\u2019s official Telegram channel on Thursday, Handala recognized that their websites had been taken down, labeling the seizures \u201ca desperate attempt to silence our voice.\u201d<\/p>\n

\u201cThis act of digital aggression merely serves to underline the fear and anxiety our actions have induced in the hearts of those who oppress and deceive,\u201d the hackers stated. \u201cEven though they strive to eliminate the evidence and conceal their misdeeds through censorship and intimidation, their actions only affirm the significance of our mission. The quest for justice cannot be halted by dismantling a website; the movement for truth will endure and strengthen.\u201d<\/p>\n

Handala\u2019s X account was also suspended recently.<\/p>\n

The group did not reply to a message sent to their official chat account.\u00a0<\/p>\n

Handala has been operational at least since the attacks by Hamas on October 7, 2023, and is thought to have connections with the Iranian government. Last week, they claimed responsibility for the cyberattack against the U.S. medical firm Stryker, which employs over 56,000 people worldwide. The hackers asserted that the attack was a response to the U.S. government missile strike that targeted an Iranian school, resulting in the deaths of at least 175 people, most of whom were children.\u00a0<\/p>\n

Last year, Stryker entered into a $450 million agreement to provide medical equipment to the Department of Defense.<\/p>\n

Handala reportedly accessed an internal Stryker administrator account, obtaining nearly unlimited access to the company\u2019s Windows infrastructure. Following this, the hackers allegedly took control of Stryker\u2019s Intune dashboards, a system designed for managing employee laptops and mobile devices remotely, which included the capacity to delete data.\u00a0<\/p>\n

With access to these dashboards, the hackers reportedly managed to erase devices owned by both the company and its employees.\u00a0<\/p>\n

On Tuesday, Stryker announced it is still in the process of restoring its computers and internal network following the breach.\u00a0<\/p>\n

Nariman Gharib, a U.K.-based Iranian activist and independent cyber-espionage researcher, expressed to TechCrunch that the takedowns represent positive news.<\/p>\n

\u201cTheir organizational and management framework is currently disrupted, and at any time, members of this group might find themselves targeted by missile strikes, just like other cyber units of the regime,\u201d Gharib informed TechCrunch.\u00a0<\/p>\n

\u201cHowever, this does not imply that their activities will cease \u2014 no. It is plausible that future leaks could be disseminated by this group through media outlets affiliated with the IRGC,\u201d referencing the nation’s military.<\/p>\n","protected":false},"excerpt":{"rendered":"

The FBI confiscated and dismantled two websites associated with the pro-Iranian hacktivist organization Handala, which had claimed responsibility for a damaging cyber assault on the U.S. medical technology firm Stryker just last week.\u00a0<\/p>\n

As of Thursday, the content of a site where Handala showcased its hacks, along with another site the group utilized to reveal personal information about several individuals allegedly connected to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, was replaced by a banner indicating the law enforcement intervention.\u00a0<\/p>\n

The announcement regarding the seizure did not specify the reasons the FBI and the Justice Department acted against these websites. However, the wording suggests that U.S. officials believed these sites were managed by hackers with affiliations to a foreign government.<\/p>\n

\u201cLaw enforcement authorities concluded this domain was employed to execute, facilitate, or assist malicious cyber endeavors on behalf of, or in collaboration with, a foreign state actor,\u201d stated the seizure announcement. \u201cThe United States Government has seized control of this domain to disrupt ongoing malicious cyber operations and avert further exploitation.\u201d<\/p>\n

TechCrunch verified the seizure of the website by analyzing its nameserver records, which now direct to servers managed by the FBI.\u00a0<\/p>\n

The FBI and the Justice Department have not promptly replied to TechCrunch\u2019s request for comments.<\/p>\n

\"A
A notice regarding the takedown and seizure by the FBI and the U.S. Department of Justice, which replaced the contents of two websites tied to the pro-Iranian hacktivist group Handala. (Image: TechCrunch)<\/span>Image Credits:<\/strong>TechCrunch \/ Getty Images<\/span><\/figcaption><\/figure>\n

In a series of updates shared on the group\u2019s official Telegram channel on Thursday, Handala recognized that their websites had been taken down, labeling the seizures \u201ca desperate attempt to silence our voice.\u201d<\/p>\n

\u201cThis act of digital aggression merely serves to underline the fear and anxiety our actions have induced in the hearts of those who oppress and deceive,\u201d the hackers stated. \u201cEven though they strive to eliminate the evidence and conceal their misdeeds through censorship and intimidation, their actions only affirm the significance of our mission. The quest for justice cannot be halted by dismantling a website; the movement for truth will endure and strengthen.\u201d<\/p>\n

Handala\u2019s X account was also suspended recently.<\/p>\n

The group did not reply to a message sent to their official chat account.\u00a0<\/p>\n

Handala has been operational at least since the attacks by Hamas on October 7, 2023, and is thought to have connections with the Iranian government. Last week, they claimed responsibility for the cyberattack against the U.S. medical firm Stryker, which employs over 56,000 people worldwide. The hackers asserted that the attack was a response to the U.S. government missile strike that targeted an Iranian school, resulting in the deaths of at least 175 people, most of whom were children.\u00a0<\/p>\n

Last year, Stryker entered into a $450 million agreement to provide medical equipment to the Department of Defense.<\/p>\n

Handala reportedly accessed an internal Stryker administrator account, obtaining nearly unlimited access to the company\u2019s Windows infrastructure. Following this, the hackers allegedly took control of Stryker\u2019s Intune dashboards, a system designed for managing employee laptops and mobile devices remotely, which included the capacity to delete data.\u00a0<\/p>\n

With access to these dashboards, the hackers reportedly managed to erase devices owned by both the company and its employees.\u00a0<\/p>\n

On Tuesday, Stryker announced it is still in the process of restoring its computers and internal network following the breach.\u00a0<\/p>\n

Nariman Gharib, a U.K.-based Iranian activist and independent cyber-espionage researcher, expressed to TechCrunch that the takedowns represent positive news.<\/p>\n

\u201cTheir organizational and management framework is currently disrupted, and at any time, members of this group might find themselves targeted by missile strikes, just like other cyber units of the regime,\u201d Gharib informed TechCrunch.\u00a0<\/p>\n

\u201cHowever, this does not imply that their activities will cease \u2014 no. It is plausible that future leaks could be disseminated by this group through media outlets affiliated with the IRGC,\u201d referencing the nation’s military.<\/p>\n","protected":false},"author":2,"featured_media":3488536,"comment_status":"open","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3488535","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3488535"}],"collection":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/comments?post=3488535"}],"version-history":[{"count":0,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/posts\/3488535\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media\/3488536"}],"wp:attachment":[{"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/media?parent=3488535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/categories?post=3488535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techingeek.com\/index.php\/wp-json\/wp\/v2\/tags?post=3488535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}