The U.S. Justice Department has accused the Iranian government of controlling the hacktivist group Handala, which recently claimed responsibility for a significant cyberattack on medical technology firm Stryker. In a press release issued last Thursday, the Justice Department stated that the Iranian Ministry of Intelligence and Security (MOIS) is behind Handala, describing it as a fabricated activist front used to conduct psychological operations against perceived adversaries and to distribute stolen information.
This announcement coincided with the FBI seizing two websites linked to Handala, which had been utilised to promote its cyber operations and to release personal information of individuals associated with the Israeli military and defence contractors. Handala officially took credit for the March 11 cyber assault on Stryker, during which the hackers erased data from thousands of employee devices. The group stated that this action was in response to a U.S. airstrike on an Iranian school that allegedly killed 168 children, according to Iranian officials.
FBI Director Kash Patel remarked in the DOJ’s release that they have dismantled four critical components of the operation and are not finished yet. Alongside the Handala websites, two additional domains associated with another hacktivist group, “Justice Homeland,” were also seized. The DOJ linked the MOIS to this group, which had claimed responsibility for a 2022 attack on the Albanian government that disrupted its servers and led to sensitive data breaches.
In a court affidavit supporting the seizure of Handala’s websites, the FBI stated that Handala, Justice Homeland, and another related group called Karma Below are interconnected, operating as part of the same conspiracy. In response to the U.S. actions, Handala released a statement on its Telegram channel, characterising the government’s moves as desperate attempts to suppress its voice.
Cybersecurity expert Keith O’Neill noted that Handala has begun establishing new websites to evade the seizures. While attempts to reach the group for comment via their public channels went unanswered, a spokesperson from Iran’s Permanent Mission to the United Nations and representatives from Stryker also did not respond to requests for comment.
Alex Orleans, a threat intelligence expert with experience tracking Iranian hackers, suggested that the individuals behind the Handala persona might not be the same as those executing the hacking activities. This highlights the potential complexity and opacity within Iranian cyber operations, where various teams could be engaged in different aspects of the hacking efforts, thus complicating the identification of those directly responsible for the attacks.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
