Iran-linked hackers restore website after US seizes domains
March 20: The website used by an Iranian government-linked hacking unit that claimed responsibility for a March 11 cyberattack on a U.S. medical device maker is back up and running a day after the FBI and Department of Justice seized its internet domains.
Four domains associated with "Handala Hack Team" had been seized, the Department of Justice said on Thursday. Handala is one of several public personas used by a hacking unit operating under Iran's Ministry of Intelligence and Security (MOIS) as part of the agency's psychological operations, the DOJ said.
On Friday, Handala said in a post on its website that the seizures were "desperate attempts by the United States and its allies to silence the voice of Handala."
The quick rebound highlights the resilience of Iranian-linked hacking units' public personas, said Ari Ben Am, an adjunct fellow at the Foundation for Defense of Democracies Center on Cyber and Technology Innovation.
"Iranian threat actors, MOIS in particular, are no strangers to takedowns," Ben Am said. "Handala alone has had tens of Telegram channels, X accounts and domains taken down, and these takedowns have never slowed them down significantly. It will be trivial for Handala and its MOIS operators to get that content back up on another domain very, very soon."
The domains seized included those used to originally make the claim of the attack on Michigan-based Stryker, according to a partially redacted FBI affidavit filed in support of the seizure.
Specific references to the company are blacked out, but the affidavit refers to a March 11, 2026, cyberattack on a major American multinational medical technologies firm, and quotes the Handala message posted announcing the Stryker attack.
A DOJ spokesperson told Reuters on Friday the FBI affidavit "asserts that there is probable cause to believe that the operators of the 'Handala' persona are members of a conspiracy that carried out a destructive malware attack against a U.S.-based multinational medical technologies firm."
Stryker said in a March 19 statement on its website that it was restoring systems that directly support customers, ordering, and shipping but that its products were safe.
"We're grateful to the government for their efforts to seize domains linked to the purported threat actors," the company said.