U.S. Seizes Domains of Iran-Linked Hacking Group

The U.S. Department of Justice (DOJ) seized four domains linked to Handala, an Iranian government-backed hacking group, following a March 11 cyberattack on Michigan-based medical device maker Stryker. The FBI took down websites used by Handala to claim responsibility for the attack and share sensitive information about Israeli military personnel.

The DOJ described Handala as part of Iran's Ministry of Intelligence and Security (MOIS), engaging in 'hacking and transnational repression schemes.' According to Reuters, the group quickly restored its website, highlighting the resilience of Iranian-linked hackers. The FBI affidavit supporting the seizure asserted probable cause that Handala operators conspired to carry out a destructive malware attack against Stryker.

The cyberattack on Stryker caused global disruption but did not affect its medical products or implants. CBS News reported that Handala also used seized websites to threaten dissidents and share personal information of Israeli government employees, alleging ties with the Mexican cartel Jalisco New Generation for targeted assassinations. The DOJ's actions come amid fears of escalating cyber warfare between the U.S., Israel, and Iran.

Experts warn that these takedowns will not significantly slow down Handala or similar groups. Ari Ben Am, an adjunct fellow at the Foundation for Defense of Democracies Center on Cyber and Technology Innovation, noted that Iranian hackers are accustomed to such actions and can quickly relocate their operations. The incident underscores ongoing cyber threats from Iran-linked groups targeting U.S. companies.