The FBI has seized two websites used by the Iranian-linked Handala hacktivist group after a destructive attack on medical technology firm Stryker that wiped approximately 80,000 devices. The seizure notice states the domains were used to support malicious cyber activities tied to a foreign state actor, while Handala acknowledged the seizures and said it is rebuilding its infrastructure. #Handala #Stryker
Keypoints
- The FBI seized the handala-redwanted.to and handala-hack.to domains under a Maryland court seizure warrant.
- The seizure banner alleges the domains were used to conduct or facilitate malicious cyber activities linked to a foreign state actor.
- Handala compromised Stryker by using a domain administrator account to create a Global Administrator and issue Intune wipe commands.
- About 80,000 devices, including corporate and some personal managed devices, were factory reset during the Stryker incident.
- The seized domains now resolve through ns1.fbi.seized.gov and ns2.fbi.seized.gov; Microsoft and CISA issued guidance in response to the incident; and Handala says it is rebuilding its infrastructure.
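The Stryker chain in the key points above (a domain administrator account creates a new Global Administrator, which then issues Intune wipe commands) has a simple detectable shape: a fresh privileged-role grant followed within minutes by a burst of device wipes from the newly created account. The script below is an added example written for this summary, not code from the article, Stryker, Microsoft or CISA. The event records are constructed, and their field names (`ts`, `actor`, `action`, `role`, `target`, `device`) are a simplified hypothetical schema rather than the exact Entra ID or Intune audit log format; the action names `AddMemberToRole`, `WipeDevice` and `RetireDevice` are likewise placeholders to be mapped onto the real log fields.

```python
"""Detection sketch for a new Global Administrator issuing a burst of device wipes.
Added example; constructed sample events with a hypothetical simplified schema."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

PRIVILEGED_ROLES = {"Global Administrator"}          # roles whose grant starts the clock
WIPE_ACTIONS = {"WipeDevice", "RetireDevice"}         # hypothetical action names

# Constructed sample audit events (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2026-03-01T01:00:00Z", "actor": "helpdesk@corp.example",
     "action": "WipeDevice", "device": "LAPTOP-0100"},            # routine single wipe
    {"ts": "2026-03-01T02:10:00Z", "actor": "da-svc@corp.example",
     "action": "AddMemberToRole", "role": "Global Administrator",
     "target": "newadmin@corp.example"},                           # suspicious role grant
] + [
    {"ts": f"2026-03-01T02:{12 + i:02d}:00Z", "actor": "newadmin@corp.example",
     "action": "WipeDevice", "device": f"LAPTOP-{i:04d}"}
    for i in range(6)                                              # six wipes in six minutes
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_new_admin_wipe_burst(events, window_minutes=60, min_wipes=5):
    """Alert when an account granted a privileged role issues at least
    `min_wipes` wipe commands within `window_minutes` of the grant."""
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    grants = [e for e in ordered
              if e["action"] == "AddMemberToRole" and e.get("role") in PRIVILEGED_ROLES]
    alerts = []
    for grant in grants:
        start = parse_ts(grant["ts"])
        end = start + timedelta(minutes=window_minutes)
        wipes = [e for e in ordered
                 if e["action"] in WIPE_ACTIONS
                 and e["actor"] == grant["target"]
                 and start <= parse_ts(e["ts"]) <= end]
        if len(wipes) >= min_wipes:
            alerts.append({
                "granted_by": grant["actor"],
                "new_admin": grant["target"],
                "role": grant["role"],
                "wipe_count": len(wipes),
                "first_wipe": wipes[0]["ts"],
                "devices": [w["device"] for w in wipes],
            })
    return alerts


def detect_wipe_burst_any_actor(events, window_minutes=10, min_wipes=5):
    """Role-agnostic fallback: any actor with `min_wipes` or more wipes inside a
    sliding window of `window_minutes`. Catches the same abuse when the role
    grant happened outside the retained log range."""
    by_actor = defaultdict(list)
    for e in events:
        if e["action"] in WIPE_ACTIONS:
            by_actor[e["actor"]].append(parse_ts(e["ts"]))
    alerts = []
    for actor, times in by_actor.items():
        times.sort()
        best, lo = 0, 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > timedelta(minutes=window_minutes):
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_wipes:
            alerts.append({"actor": actor, "wipes_in_window": best})
    return alerts


if __name__ == "__main__":
    for alert in detect_new_admin_wipe_burst(SAMPLE_EVENTS):
        print("new-admin wipe burst:", alert)
    for alert in detect_wipe_burst_any_actor(SAMPLE_EVENTS):
        print("wipe burst:", alert)
```

The first detector keys on the grant itself, so a role assignment performed by an on-premises-synced or service account (as in the Stryker chain) becomes the trigger rather than the wipes alone; the second detector is the safety net when the grant is missing from the retained logs. In practice both thresholds should be tuned against the organisation's normal device-retirement volume, and the single helpdesk wipe in the sample shows why a burst threshold rather than a single-event rule is needed.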