FBI Takes Down Handala’s Digital Platforms
Two websites operated by the pro-Iranian hacktivist group Handala have been seized by the FBI. The action came just days after the group publicly claimed responsibility for a destructive cyberattack targeting the American medical technology corporation Stryker.
Visitors to the sites, which Handala used to publicize its hacks and dox individuals, were met with a stark law enforcement banner. The notice stated the domain was used to support malicious cyber activities coordinated with a foreign state actor. TechCrunch verified the seizure by checking the sites’ nameserver records, which now point to FBI-controlled servers.
The Department of Justice and FBI did not immediately comment on the specific reasons for the takedown. The language on the seizure notice, however, leaves little doubt about the U.S. government’s assessment.
Handala’s Response and Ongoing Campaign
How did the group react? In posts on its official Telegram channel, Handala acknowledged the website seizures. The group framed the move as a “desperate attempt to silence our voice” and a sign that its actions were causing fear among its targets.
“The pursuit of justice cannot be stopped by taking down a website,” the hackers wrote, vowing that their movement would persist. The group’s account on the social media platform X was also recently suspended.
Handala’s activities surged following the October 7, 2023, Hamas attacks. The group is widely believed to have ties to the Iranian regime. Its attack on Stryker, a company with over 56,000 employees, was claimed as retaliation for a U.S. missile strike on an Iranian school.
The Destructive Stryker Hack
What made the Stryker attack so severe? Handala reportedly breached an internal administrator account, gaining extensive access to the company’s Windows network. This access included Stryker’s Intune dashboards—tools designed for remotely managing employee laptops and mobile devices.
With control of these dashboards, the hackers possessed a dangerous capability: the power to remotely wipe data from company and employee devices. They allegedly used this access to carry out destructive actions, forcing Stryker into a major recovery effort.
As of this week, Stryker is still working to restore its computers and internal network in the wake of the intrusion, the company confirmed. The company had signed a $450 million contract with the U.S. Department of Defense last year to supply medical devices.
Disruption and Future Threats
While the website takedown represents a clear setback for Handala, experts caution it is unlikely to be a permanent solution. Nariman Gharib, a U.K.-based Iranian activist and cyber-espionage investigator, called the seizures good news but warned of continued activity.
“Their organizational and management structure is currently disrupted,” Gharib told TechCrunch. He suggested group members could now face greater physical risk, similar to other Iranian cyber operatives.
However, he noted that future leaks from the group could simply be published through media outlets aligned with Iran’s Islamic Revolutionary Guard Corps (IRGC). The digital conflict, it seems, has merely entered a new phase.