U.S. authorities allege Iran's Ministry of Intelligence and Security controls Handala, linked to destructive hacks and propaganda.
The U.S. Justice Department has accused Iran's government of directing the hacktivist group Handala, which claimed responsibility for a cyberattack on U.S. medical technology company Stryker. The attack, which occurred on March 11, involved hackers remotely wiping tens of thousands of employee devices, according to the group's statements.
Handala is described by the Justice Department as a fabricated activist persona used by Iran's Ministry of Intelligence and Security (MOIS) to conduct psychological operations. These operations include claiming credit for cyberattacks and releasing stolen data to target enemies of the regime, such as journalists, dissidents, and individuals linked to Israel.
Actions Taken by U.S. Authorities
The FBI seized two websites associated with Handala, as detailed in a Justice Department press release. These sites were used to publicize cyberattacks and share personal information of alleged Israeli military personnel and defense contractors.
FBI Director Kash Patel stated in the press release that the agency dismantled key elements of Handala's operations, including the seized domains. The Justice Department also took down two other domains linked to MOIS through another persona, "Justice Homeland," which was tied to a 2022 hack on the Albanian government.
In the 2022 incident, hackers disrupted Albanian government servers and stole sensitive data, an attack Microsoft attributed to MOIS. An FBI affidavit supports the claim that Handala, Justice Homeland, and another group called Karma Below are part of the same conspiracy operated by Iranian individuals.
Handala responded via its Telegram channel, dismissing the U.S. actions as attempts to suppress their activities. A cybersecurity researcher from DomainTools noted that Handala has established new domains that remain active, though no further details were provided in the reports.
Experts like Alex Orleans from Sublime Security indicated that the individuals behind Handala's persona might not be the same as those executing the hacks, suggesting a structured operation within MOIS. No responses were received from Iran's UN mission, Stryker, or Handala when contacted for comment.






