
The FBI has seized two websites used by the Handala hacktivist group after the threat actors carried out a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices.
Both of the hacktivist group's clearnet domains, handala-redwanted[.]to and handala-hack[.]to, now display a seizure notice stating that the websites were seized under a seizure warrant issued by the District Court for the District of Maryland.
"This domain has been seized by the Federal Bureau of Investigation ("FBI") pursuant to a seizure warrant issued by a United States District Court for the District of Maryland as part of a law enforcement action by the FBI. Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign state actor," reads the seizure message.
“These activities may include unauthorized network intrusions, infrastructure targeting, or other violations of United States law.”
“Pursuant to the court-authorized warrant, the United States Government has taken control of this domain to disrupt ongoing malicious cyber operations and prevent further exploitation.”

Handala (also known as Handala Hack Group, Hatef, and Hamsa) is an Iranian-linked, pro-Palestinian hacktivist group that first appeared in December 2023 and has carried out operations reportedly linked to Iran's Ministry of Intelligence and Security (MOIS). These attacks targeted Israeli organizations with destructive malware designed to wipe Windows and Linux devices.
While law enforcement has made no official announcement regarding the seizures, the domains' name servers have now been switched to those commonly used by the FBI when seizing domains:
Name Server: ns1.fbi.seized.gov
Name Server: ns2.fbi.seized.gov
It is not yet known whether the FBI only seized the domains or also has access to the websites' content and server logs.
This action follows Handala's massive cyberattack on US medical giant Stryker, in which the attackers compromised a Windows domain administrator account and then created a new Global Administrator account to use in their attack.
They then issued the Microsoft Intune "wipe" command to factory reset approximately 80,000 devices, including computers and mobile devices. Employees whose personal devices were enrolled in the company's device management also found their devices wiped.
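The two steps described above, a freshly created account being granted Global Administrator and that account issuing a large number of Intune wipe commands, are both visible in tenant audit logs. The following is an added detection example written for this article, not code from Stryker, Microsoft, or the Handala group; the event records are constructed for the example, and their field names (time, activity, actor, target, role, device) are a simplified assumption rather than the exact Entra ID or Intune audit schema.

```python
"""Detection sketch: flag (1) Global Administrator grants to recently created
accounts and (2) bursts of Intune 'Wipe' actions from a single actor.
All events below are constructed sample data; the field layout is an
assumption, not the real Entra ID / Intune audit log format."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def _parse(ts):
    # Sample timestamps use a trailing 'Z'; make them timezone-aware UTC.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _ev(time, activity, actor, **extra):
    return {"time": time, "activity": activity, "actor": actor, **extra}


_WIPE_START = datetime(2026, 2, 14, 2, 5, tzinfo=timezone.utc)

# Constructed audit trail: one benign helpdesk wipe, one benign lesser-role
# grant, then an account created and elevated to Global Administrator two
# minutes before it issues 30 wipes in 30 seconds.
SAMPLE_EVENTS = [
    _ev("2026-02-13T15:00:00Z", "Wipe", "helpdesk@corp.example",
        device="lost-laptop-017"),
    _ev("2026-02-13T16:00:00Z", "Add member to role", "itadmin@corp.example",
        target="jdoe@corp.example", role="Helpdesk Administrator"),
    _ev("2026-02-14T02:00:00Z", "Add user", "svc_backup@corp.example",
        target="intune-sync@corp.example"),
    _ev("2026-02-14T02:01:30Z", "Add member to role", "svc_backup@corp.example",
        target="intune-sync@corp.example", role="Global Administrator"),
] + [
    _ev((_WIPE_START + timedelta(seconds=i)).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Wipe", "intune-sync@corp.example", device=f"ws-{i:04d}")
    for i in range(30)
]


def find_global_admin_grants(events, recent=timedelta(hours=24)):
    """Return every Global Administrator grant, marking whether the target
    account was created within `recent` before the grant (new_account)."""
    created = {e["target"]: _parse(e["time"])
               for e in events if e["activity"] == "Add user"}
    hits = []
    for e in events:
        if e["activity"] != "Add member to role":
            continue
        if e.get("role") != "Global Administrator":
            continue
        granted_at = _parse(e["time"])
        created_at = created.get(e["target"])
        is_new = (created_at is not None
                  and timedelta(0) <= granted_at - created_at <= recent)
        hits.append({"time": e["time"], "actor": e["actor"],
                     "target": e["target"], "new_account": is_new})
    return hits


def find_wipe_bursts(events, threshold=25, window=timedelta(minutes=10)):
    """Per actor, find the largest number of Wipe actions inside any sliding
    window of length `window`; report actors at or above `threshold`."""
    per_actor = defaultdict(list)
    for e in events:
        if e["activity"] == "Wipe":
            per_actor[e["actor"]].append(_parse(e["time"]))
    bursts = []
    for actor, times in per_actor.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts.append({"actor": actor, "max_wipes_in_window": best})
    return bursts


if __name__ == "__main__":
    for g in find_global_admin_grants(SAMPLE_EVENTS):
        print("Global Admin grant:", g)
    for b in find_wipe_bursts(SAMPLE_EVENTS):
        print("Wipe burst:", b)
```

The burst threshold and window are deliberately conservative placeholders; a real deployment would tune them to the organisation's normal device-retirement rate and pair the role-grant check with an alert on any Global Administrator assignment that bypasses an approval workflow.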
Handala has acknowledged the website seizures and the need for more "resilient infrastructure," stating that they are in the process of building new websites to publicize their attacks.
"In light of recent events and the need to establish secure and resilient infrastructure, we inform you that building a new digital base is a complex and time-consuming process," reads a Telegram post from the group.
"However, we remain committed to continuing our mission without interruption."
After the attack, Microsoft and CISA released guidance on hardening Windows domains and securing Intune to prevent similar attacks at other companies.
