New Handala Website Is Also Accessible

U.S. federal agents seized four web domains associated with Iranian hacking operations days after a threat actor going by Handala posted screenshots it said came from inside the IT systems of medical device manufacturer Stryker.
Handala – widely suspected of being a front for Iranian intelligence – broke into the medical device maker’s Active Directory on March 11, leading to a disruption in ordering and shipping that still persists (see: Health Sector Braces for Stryker Hack Supply Chain Shock).
It posted onto handala-hack.to proof of the hack and asserted that it deleted 12 petabytes from Stryker systems. Now, the website displays a seizure notice left by the FBI and the Department of Justice.
Federal authorities additionally seized three other domains used by Iranian intelligence in hack-and-leak operations or to make threats: justicehomeland.org, handala-redwanted.to.
They were able to seize the domains because the registrars used to create them, Public Interest Registry and Namecheap, are located in the United States.
Iran “used the seized domains to dox and harass dissidents and journalists, incite violence towards Jewish communities and spread Tehran’s anti-American propaganda,” said Assistant Attorney General for National Security John A. Eisenberg.
Since the United States and Israel began a protracted bombing campaign against Iran on Feb. 28, Handala has been especially active, posting what it said were 100,000 emails of a former Israeli intelligence agent now at a think tank, subscribers to the Telegram channel belonging to a pseudonymous Iranian netizen and the putative identities of senior Israeli military officers. It posted what it says was 851 gigabytes of confidential data from members of the Sanzer Hasidic Jewish community.
Handala sent death threats to Iranian dissidents and journalists, telling two in a March 1 email that it shared their names and home addresses with “our partners,” the Jalisco New Generation Cartel, a Mexican transnational criminal group.
The Stryker hack did not affect individual medical devices, but the FBI in an affidavit said that some hospitals in Maryland on March 11 responded to the attack by switching away from Stryker equipment – it makes hands-free communications systems – to rely on radio and verbal exchanges. The Stryker attack “in some instances interfered with the supply of emergency medical care in Maryland hospitals,” the affidavit states.
One of the disrupted domains, justicehomeland.org, figured heavily in a 2022 attack against Albania’s online service portal for citizens. The site published documents that appeared to belong to the Albanian government and residence permits that appeared to belong to members of an Iranian opposition group living in Albania, the Mojahedin-e-Khalq (see: US Sanctions Iranian Spooks for Albania Cyberattack).
Content from the seized domains is still available via archive.today, a website of uncertain ownership that allows users to save copies of websites. A new Handala website apparently appeared online late Thursday. The registrar used to create it is the government of the Kingdom of Tonga, a Polynesian island nation that offers .to country code top-level domains. “The voice of Handala will never be silenced,” the site asserts.
FBI Director Kash Patel vowed that the United States is “not finished” with fighting Handala.









