Iran-linked hackers restore website after US seizes domains


Figurines with computers and smartphones are seen in front of the word "hacker" in this illustration taken, February 19, 2024. REUTERS/Dado Ruvic/Illustration

March 20 (Reuters) - The website used by an Iranian government-linked hacking unit that claimed responsibility for a March 11 cyberattack on a U.S. medical device maker is back up and running a day after the FBI and Department of Justice seized its internet domains.

Four domains associated with "Handala Hack Team" had been seized, the Department of Justice said on Thursday. Handala is one of several public personas used by a hacking unit operating under Iran's Ministry of Intelligence and Security (MOIS) as part of the agency's psychological operations, the DOJ said.

On Friday, Handala said in a post on its website that the seizures were "desperate attempts by the United States and its allies to silence the voice of Handala."

The quick rebound highlights the resilience of Iranian-linked hacking units' public personas, said Ari Ben Am, an adjunct fellow at the Foundation for Defense of Democracies Center on Cyber and Technology Innovation.

"Iranian threat actors, MOIS in particular, are no strangers to takedowns," Ben Am said. "Handala alone has had tens of Telegram channels, X accounts and domains taken down, and these takedowns have never slowed them down significantly. It will be trivial for Handala and its MOIS operators to get that content back up on another domain very, very soon."

The domains seized included those used to originally make the claim of the attack on Michigan-based Stryker, according to a partially redacted FBI affidavit filed in support of the seizure.

Specific references to the company are blacked out, but the affidavit refers to a March 11, 2026, cyberattack on a major American multinational medical technologies firm, and quotes the Handala message posted announcing the Stryker attack.

A DOJ spokesperson told Reuters on Friday the FBI affidavit "asserts that there is probable cause to believe that the operators of the 'Handala' persona are members of a conspiracy that carried out a destructive malware attack against a U.S.-based multinational medical technologies firm."

Stryker said in a March 19 statement on its website that it was restoring systems that directly support customers, ordering, and shipping but that its products were safe.

"We're grateful to the government for their efforts to seize domains linked to the purported threat actors," the company said.

(Reporting by AJ Vicens in Detroit, Editing by Rosalba O'Brien)
