Iran-Linked Hackers Restore Website After US Domain Seizures

The website used by an Iranian government-linked hacking unit that claimed responsibility for a March 11 cyberattack on a U.S. medical device maker is back up and running a day after the FBI and Department of Justice seized its internet domains.

Four domains associated with the 'Handala Hack Team' were seized, the Department of Justice said. Handala is one of several public personas used by a hacking unit operating under Iran's Ministry of Intelligence and Security (MOIS) as part of the agency's psychological operations.

On Friday, Handala said in a post on its website that the seizures were 'desperate attempts by the United States and its allies to silence the voice of Handala.'

Ari Ben Am, an adjunct fellow at the Foundation for Defense of Democracies Center on Cyber and Technology Innovation, noted the resilience of Iranian-linked hacking units. 'Handala and its MOIS operators will likely get that content back up on another domain very soon,' he said.

The domains seized included those used to claim the attack on Michigan-based Stryker. According to a partially redacted FBI affidavit, the attack targeted a major American multinational medical technologies firm on March 11, 2023.

Stryker stated on its website that it is restoring systems supporting customers, ordering, and shipping, and that its products remain safe. The company expressed gratitude to the government for seizing domains linked to the threat actors.