The hackers behind a cyber attack targeting major global medical technology supplier Stryker have had several of their websites seized by United States authorities.
“The Justice Department announced the seizure of four domains as part of an ongoing effort to disrupt hacking and transnational repression schemes conducted by the Islamic Republic of Iran’s Ministry of Intelligence and Security (MOIS),” the DOJ said in a 19 March statement.
The domains listed by the DOJ are: Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, and Handala-Redwanted[.]to.
The hackers have several other addresses, including a .onion site that can only be accessed via the Tor network. It is unknown at this time if they have been seized as well, though the .onion address appears to be down as of the time of writing.
FBI director Kash Patel was bullish regarding the success of the current operations against Handala and any future efforts to stymie the Iran-backed group.
“Iran thought they could hide behind fake websites and keyboard threats to terrorise Americans and silence dissidents,” Patel said.
“We took down four of their operation’s pillars, and we’re not done. This FBI will hunt down every actor behind these cowardly death threats and cyber attacks and will bring the full force of American law enforcement down on them.”
The FBI’s investigations revealed that hackers linked to the Handala group had directly threatened journalists and Iranian dissidents in the US and abroad. According to the FBI, several threatening emails were sent from the Handala_Team@outlook[.]com email address.
“We the Handala Hack team, the loyal followers of the supreme leader Ali Hosseini Khamenei, declare war on all the enemies of Islam in the West. Our partners, the CJNG [Jalisco New Generation Cartel] cartel in America and Canada have been given a list of our enemies who are responsible for our great leaders [sic] death,” the Handala email said.
“[Redacted names], you laughed like hyenas during the [redacted] show. We have hacked and revealed your home addresses in [redacted] and [redacted] to our partners in the CJNG who are in [redacted US state] and [redacted foreign country] now. Both of you will be executed soon, and we have offered a reward of $250,000 for the operatives who kills [sic] and beheads both of you. ALLAHU AKBAR[.]”
Older sites
Two of the seized domains – Justicehomeland[.]org and Karmabelow80[.]org – date back to hacktivist activity observed in 2022 that targeted Albanian government organisations.
“The motivation for leaking this information appears to be the Albanian government’s decision to support an Iranian dissident group called Mujahedeen e-Khalq or ‘MEK’,” the DOJ said.
“MEK has, in the past, openly advocated for the overthrow of the Iranian government.”
Additionally, the Department of State has offered a US$10 million reward for information on any individual engaging in malicious cyber activity on behalf of a foreign government.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.