Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The FBI seized and shut down two websites linked to the pro-Iranian group Hanzala, which had It claimed responsibility for a devastating cyber attack Against the American medical technology giant Stryker.
As of Thursday, the contents of the site where Handala posted the hacks, as well as another site the group used to go after dozens of people for their alleged ties to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, were replaced with a banner announcing the law enforcement action.
The seizure announcement did not say why the FBI and Department of Justice shut down the sites. But the language used seems to indicate that US authorities believe these sites are run by hackers linked to a foreign government.
“Law enforcement authorities have determined that this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of or in coordination with a foreign state actor,” the seizure announcement said. “The United States government has taken control of this domain to disrupt ongoing malicious cyber operations and prevent further exploitation.”
TechCrunch confirmed the site’s takeover by examining its nameserver logs, which now point to servers controlled by the FBI.
The FBI and Department of Justice did not immediately respond to TechCrunch’s request for comment.
In a series of announcements posted on the group’s official Telegram channel on Thursday, Handala admitted to blocking his websites, calling the seizures a “desperate attempt to silence our voice.”
“This act of digital aggression only highlights the fear and anxiety our actions have instilled in the hearts of those who oppress and deceive,” the hackers wrote. “Although they attempt to erase evidence and hide their crimes through censorship and intimidation, their actions only underscore the impact of our mission. The pursuit of justice cannot be stopped by shutting down a website. The movement for truth will continue and grow stronger.”
Hanzala X account It was also recently suspended.
The group did not respond to the message sent to their official chat account.
And you will go far He was active At least since the October 7, 2023 attacks by Hamas, he is believed to have ties to the Iranian regime. Last week, the group claimed responsibility for the attack on the American pharmaceutical company Stryker, which has more than 56,000 employees in dozens of countries. The hackers said the hack was in retaliation US government missile strike That struck an Iranian school, killing at least 175 people, most of them children.
Last year, Stryker signed Contract worth $450 million Supplying medical devices to the Ministry of Defense.
Handala reportedly hacked into an internal Stryker administrator’s account and made gains Almost unlimited access To the company’s Windows network. At that point, hackers allegedly took over Stryker’s Intune dashboards, a tool designed to allow the company to manage employees’ laptops and mobile devices remotely, which included the ability to delete data.
By accessing these dashboards, the hackers were reportedly able to wipe down devices owned by both the company and its employees.
On Tuesday, Stryker She said she is still working to restore her computers and internal network After hacking.
Nariman Gharib, a UK-based Iranian activist and independent cyberespionage investigator, told TechCrunch that the removals are good news.
“Their organizational and administrative structure is currently broken, and at any moment, members of this group may be targeted by missile strikes, just like other cyber forces of the regime,” Gharib told TechCrunch.
“But this does not mean that their activities may stop – no. It is possible that this group will publish future leaks through media outlets close to the Iranian Revolutionary Guard,” referring to the country’s military.