Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

The US Department of Justice accused the Iranian government of being behind the hacking group “Handala,” which last week claimed responsibility for the devastating cyberattack against the American medical technology giant Stryker.
In a press release published on Thursday, the Justice Department said that Handala was run by Iran’s Ministry of Intelligence and Security.
The Justice Department described the group as a fake activist persona that the Iranian ministry used to carry out “psychological operations” against enemies of the regime, claim responsibility for cyberattacks, and publish stolen information obtained during those hacks. The group also called for the killing of journalists, regime opponents, and Israelis, according to the Justice Department.
The announcement came hours after the FBI seized two websites linked to Handala, as first reported by TechCrunch. The group used the sites to publicize its alleged cyberattacks, as well as to publish the personal information of dozens of people who allegedly worked for the Israeli military and defense contractors.
On its website, Handala took credit for the March 11 cyberattack on Stryker, during which hackers remotely… Scan tens of thousands of employee devices. The hackers said the hack was in response to a US airstrike on an Iranian school, which killed 168 children, according to Iranian officials.
FBI Director Kash Patel was quoted in the Justice Department press release as saying that the FBI “took down four pillars of their operation and we’re not done yet.”
Aside from the two websites used by Handala, the Justice Department also seized two other domains allegedly used by the Iranian Ministry of Intelligence via another hacktivist persona calling itself “Al-Adala Al-Watan” or “National Justice.” The Justice Department accused Iranian government hackers of using these two domains to claim responsibility for hacking the Albanian government in 2022, in a cyberattack that took down government servers and stole sensitive data. Microsoft also linked the attack against the Albanian government to the Ministry of Intelligence.
In an affidavit filed in court to support the seizure of Handala’s websites, the FBI said that Handala, Justice Homeland and another hacktivist named Karma Below “are part of the same conspiracy because they are operated by the same individuals.”
Do you have more information about Handala or other hacking operations linked to Iran? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram, Keybase, Wire @lorenzofb, or by email.
Handala responded to the Justice Department’s announcement in a statement posted on its official Telegram channel, with the hackers describing the US government’s actions as “nothing more than the latest desperate attempts by the United States and its allies to silence Handala’s voice.”
Keith O’Neill, a cybersecurity researcher at DomainTools, told TechCrunch that Handala has already created new domains that have not yet been hacked.
The hacking group did not respond to a request for comment sent to the chat account posted by the hackers, as well as the email address identified by the Justice Department in its affidavit.
A spokesperson for Iran’s Permanent Mission to the United Nations did not respond to TechCrunch’s request for comment. Stryker also did not respond to a request for comment.
Alex Orleans, head of threat intelligence at Sublime Security who has tracked Iranian hackers for years, told TechCrunch that it’s possible that the people behind Handala’s character are not the same individuals doing the actual hacking.
“Handala does not necessarily mean that individual actors perform the activities for which they are credited,” Orleans said. “It is possible to have multiple teams conducting actual intrusions while a distinct team is responsible for maintaining character – with all of these distinct elements coexisting within a larger unified element of the Ministry of Intelligence and Security.”
“There is a level of opacity that may be difficult to penetrate,” he said.