The U.S. Department of Justice has accused the government of Iran of being behind the hacktivist group Handala, which last week claimed responsibility for the destructive cyberattack against U.S. medical technology giant Stryker.
In a press release published on Thursday, the Justice Department said Iran's Ministry of Intelligence and Security (MOIS) operates Handala.
The Justice Department called the group a fake activist figure that the Iranian ministry used to conduct “psychological operations” against regime enemies, claim responsibility for cyberattacks and publish stolen information obtained during those hacks. The group also called for the assassination of journalists, regime dissidents and Israeli individuals, according to the Justice Department.
The announcement came hours after the FBI seized two websites linked to Handala, as first reported by TechCrunch. The group used the sites to publicize alleged cyber attacks as well as to publish the personal information of dozens of people who allegedly worked for the Israeli military and defense contractors.
Handala took credit on its website for the March 11 cyberattack on Stryker, in which hackers remotely wiped tens of thousands of employee devices. The hackers said the breach was in retaliation for a U.S. airstrike on an Iranian school that killed 168 children, according to Iranian officials.
FBI Director Kash Patel was quoted in the DOJ press release as saying that the FBI "took down four of the pillars of the operation and we're not done."
In addition to the two websites used by Handala, the Justice Department also seized two other domains allegedly used by Iran’s MOIS through another hacktivist persona calling itself “Justice Homeland” or “Homeland Justice.” The Justice Department accused Iranian government hackers of using these two domains to claim responsibility for the 2022 hacking of the Albanian government, a cyberattack that resulted in the government’s servers being taken offline and sensitive data being stolen. Microsoft also connected the attack against the Albanian government to MOIS.
In an affidavit filed in court to support the seizure of Handala's websites, the FBI said that Handala, Justice Homeland and another hacktivist persona called Karma Below, "are part of the same conspiracy because they are operated by the same individuals."
Handala responded to the DOJ announcement in a statement posted on its official Telegram channel, where the hackers called the US government's actions "nothing more than the latest desperate attempts by the United States and its allies to silence Handala's voice."
DomainTools cybersecurity researcher Keith O'Neill told TechCrunch that Handala has already created new domains that have not yet been seized.
The hacker group did not respond to a request for comment sent to a chat account made public by the hackers, as well as to an email address identified by the Justice Department in its affidavit.
A spokesperson for Iran’s Permanent Mission to the United Nations did not respond to TechCrunch’s request for comment. Stryker also did not respond to a request for comment.
Alex Orleans, head of threat intelligence at Sublime Security, who has tracked Iranian hackers for years, told TechCrunch that it is possible the people behind the Handala persona are not the same people doing the actual hacking.
“Handala is not necessarily one-to-one with the actors who are carrying out the activities for which it is being credited,” Orleans said. “There could be multiple groups carrying out the actual intrusions, while a separate group is responsible for maintaining the persona — with all of these distinct elements co-existing within a larger unified MOIS entity.”
"There's a level of opacity there that can be difficult to penetrate," he said.
Source: techcrunch.com


