
FBI Seizes Iranian Hacktivist Group Websites After Stryker Cyberattack

Severity: High (Score: 77.0)

Sources: Linkedin, Uk.Pcmag, Thecyberexpress, Bleepingcomputer, Infosecurity-Magazine

Summary

The FBI has seized two websites linked to the Iranian hacktivist group Handala following their cyberattack on Stryker Corporation, a U.S. medical technology firm. The attack, which occurred on March 11, 2026, involved the hackers gaining access to an internal administrative account and wiping data from approximately 80,000 devices using Microsoft Intune commands. The seized domains were used for doxing individuals linked to Israeli defense firms and for promoting the group's activities. The FBI's action is part of a broader effort to disrupt Iranian state-sponsored cyber operations. Handala has acknowledged the seizures and claimed they will continue their operations through new channels. The attack on Stryker disrupted the company's order processing, manufacturing, and shipping operations. The FBI's seizure notices indicate these domains were involved in malicious cyber activities on behalf of a foreign state actor.

Key Points

  • The FBI seized two Handala websites after a destructive cyberattack on Stryker Corporation.
  • Handala wiped data from approximately 80,000 devices using Microsoft Intune commands.
  • The seizure is part of ongoing U.S. efforts to disrupt Iranian state-sponsored cyber activities.

Key Entities

  • Data Breach (attack_type)
  • Malware (attack_type)
  • Albanian Government (company)
  • Stryker (company)
  • Verifone (company)
  • Outlook (company)
  • X (company)
  • Bahrain (country)
  • Canada (country)
  • Iran (country)
  • Iraq (country)
  • Israel (country)
  • handala-hack.to (domain)
  • handala-redwanted.to (domain)
  • justicehomeland.org (domain)
  • karmabelow80.org (domain)
  • netblocks.org (domain)
  • Government (industry)
  • T1021 - Remote Services (mitre_attack)
  • T1078 - Valid Accounts (mitre_attack)
  • T1136 - Create Account (mitre_attack)
  • T1485 - Data Destruction (mitre_attack)
  • T1489 - Service Stop (mitre_attack)
  • Android (platform)
  • iOS (platform)
  • Linux (platform)
  • Telegram (platform)
  • Windows (platform)