The U.S. Justice Department has alleged that Iran’s government was orchestrating the hacktivist group Handala, which last week claimed responsibility for the destructive cyberattack on the U.S. healthcare technology giant Stryker.
According to a press statement released Thursday, the Department of Justice stated Iran’s Ministry of Intelligence and Security (MOIS) oversees Handala’s operations.
The Justice Department described the group as a fake activist persona that the Iranian ministry used to carry out “psychological operations” against adversaries of the regime, to claim responsibility for cyberattacks, and to publish stolen data obtained through those breaches. According to the DOJ, the group also called for the assassination of journalists, critics of the regime, and Israeli individuals.
The announcement came hours after the FBI seized two web domains associated with Handala, as first reported by TechCrunch. The group used these sites to publicize its claimed intrusions and to publish the private data of numerous individuals purportedly employed by the Israeli armed forces and defense firms.
Handala claimed responsibility on its website for the March 11 cyberattack on Stryker, in which the attackers remotely wiped data from tens of thousands of employee devices. The hackers said the intrusion was retaliation for an American airstrike on an Iranian school that killed dozens of children.
In the DOJ’s press release, FBI director Kash Patel was quoted as saying that the FBI “dismantled four cornerstones of their operation, and our work is ongoing.”
In addition to the two web domains used by Handala, the DOJ seized two more domains purportedly used by Iran’s MOIS through another hacktivist persona known as “Justice Homeland” or “Homeland Justice.” The DOJ alleged that Iranian state-sponsored hackers used these two domains to claim responsibility for the 2022 breach of the Albanian government, a cyberattack that took government servers offline and resulted in the theft of confidential information. Microsoft also attributed the attack on the Albanian government to the MOIS.
Within a sworn statement presented in court to justify the confiscation of Handala’s websites, the FBI asserted that Handala, Justice Homeland, and another cyberactivist identity known as Karma Below, “belong to the same illicit scheme as they are managed by the identical persons.”
Reach Out
Do you have additional details regarding Handala, or other Iran-affiliated cyber intrusions? Using a personal device, you may confidentially connect with Lorenzo Franceschi-Bicchierai via Signal at +1 917 257 1382, or through Telegram, Keybase, and Wire @lorenzofb, or via electronic mail.
Handala reacted to the DOJ’s declaration in a communiqué published on its authorized Telegram channel, where the perpetrators characterized the U.S. government’s measures as “merely the most recent frantic endeavors by the United States and its confederates to suppress Handala’s voice.”
Keith O’Neill, a cybersecurity researcher at DomainTools, informed TechCrunch that Handala has already established fresh domains that remain unconfiscated.
The group did not respond to a request for comment sent to a chat account advertised by the hackers and to an email address identified by the Department of Justice in its sworn testimony.
A representative for Iran’s Permanent Mission to the United Nations did not reply to TechCrunch’s query for a statement. Stryker likewise offered no response to a request for comment.
Alex Orleans, Sublime Security’s head of threat intelligence, who has monitored Iranian cyber operatives for an extended period, informed TechCrunch that it’s conceivable the individuals maintaining the Handala identity are not the same ones executing the actual digital intrusions.
“Handala doesn’t strictly correspond, precisely, with the entities performing the actions it claims credit for,” Orleans remarked. “There might be several groups carrying out genuine infiltrations while a separate unit is tasked with upholding the persona — with all these discrete components operating within a broader, unified MOIS structure.”
“A certain degree of obscurity exists there that can prove challenging to decipher,” he stated.

