Iranian hacker group Handala Hack Team, the collective behind the famed cyberattack on U.S. MedTech firm Stryker, is back online just hours after the FBI announced its clearnet domains seizure.
On Thursday, FBI’s official announcement said that the domains connected to Iranian hacker groups—Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, and Handala-Redwanted[.]to—which are allegedly a front for Iran’s Ministry of Intelligence and Security (MOIS) were seized and unreachable. Law enforcers said these sites were used for ‘name and shame’ purposes and issuance of threats to journalists, dissidents, and individuals linked to Israel.
Read: U.S. Shuts Down Websites Behind Iran-Linked Cyber Attacks and Death Threats
As per the court documents, all these domains were operated by “same individuals” (MOIS) and were a part of the “same conspiracy.”
Handala Hackers Post Acknowledgement on Telegram
Handala hackers acknowledged the law enforcement seizure on their Telegram channel putting screenshots of their domain information and name servers that now read seized by FBI (ns1[.]fbi[.]seized[.]gov).
Handala claimed that this act was the tactics of its adversaries to “erase,” “hide,” and enforce “censorship” on its voices and that their efforts “will continue on new platforms.”
Strikingly, the claims of digital repression from its adversaries come amid Iran’s own efforts of country-wide Internet censorship that has entered the 21st day.
Within hours, the threat group, however released another statement on their Telegram channel announcing the launch of its new domain infrastructure at handala-hack[.]ps. The quick turn-around suggests the hackers want to maintain operational continuity, said researchers at threat intelligence company Cyble.
With a fairly “moderate” confidence, researchers say these claims may hold true as the domains named in the messages are re-routing to a clearnet website that looks similar to the one Handala hackers had prior to FBI’s seizure. The Cyber Express reached out to the respective law enforcement offices for a statement on the latest turn of events but has not received any comment, as of the time of publishing this article.
Stryker Acknowledges the Takedown
Although Handala has been front ending for MOIS since 2023, the group became its face in the recent conflict when it attacked the U.S.-based MedTech company Stryker, earlier this month. Handala claimed it wiped more than 200,000 devices and siphoned petabytes worth of data but the company although acknowledging the attack, said the incident was limited to its Microsoft environment and was contained with no impact to its customers.
Read: Who Is Handala — The Iran-Linked Ghost Group That Just Wiped 200K Stryker Devices
In a Thursday update, Stryker appreciated FBI’s takedown stating: “We’re grateful to the government for their efforts to seize domains linked to the purported threat actors.”
The company had earlier said that its supply chain was however impacted in the attack and restoration was undertaken. In the latest update it reiterated the same saying restoration efforts had made “significant progress” but some of its personalized implants customers were still experiencing some disruptions that were being taken on priority.
