Ethical Hacking News
The FBI has seized websites used by the notorious Handala hacktivist group after a devastating cyberattack on medical technology giant Stryker. The attack, which wiped approximately 80,000 devices, highlights the growing concern over state-sponsored hacking activity. In this in-depth article, we explore the context of the attack and the response from law enforcement agencies.
The FBI has taken action against Handala, an Iranian-linked hacktivist group believed to have conducted a devastating cyberattack on medical technology giant Stryker. The FBI seized two websites used by the Handala group and took control of them to disrupt ongoing malicious cyber operations and prevent further exploitation. The Handala group, also known as Handala Hack Team, Hatef, and Hamsa, is a pro-Palestinian hacktivist group that targets Israeli organizations with destructive malware. The attack on Stryker used stolen Windows domain administrator credentials to wipe approximately 80,000 devices across the company's network. The FBI's action against Handala follows recent law enforcement efforts against Iranian-linked hacktivists and highlights the growing concern over state-sponsored hacking activity.
The Federal Bureau of Investigation (FBI) has taken action against a notorious Iranian-linked hacktivist group known as Handala, which is believed to have conducted a devastating cyberattack on medical technology giant Stryker. The attack, which occurred in early March 2026, resulted in the wiping of approximately 80,000 devices across the company's network.
The FBI has seized two clearnet domains used by the Handala hacktivist group: handala-redwanted.to and handala-hack.to. The seizure notice states that these domains were taken under a seizure warrant issued by the District Court for the District of Maryland as part of a law enforcement action by the FBI.
According to the seizure notice, the Handala group's activities may include unauthorized network intrusions, infrastructure targeting, or other violations of United States law. The FBI has also stated that it has taken control of these domains to disrupt ongoing malicious cyber operations and prevent further exploitation.
The Handala group, also known as Handala Hack Team, Hatef, and Hamsa, is an Iranian-linked pro-Palestinian hacktivist group that first appeared in December 2023. Its attacks have reportedly targeted Israeli organizations with destructive malware designed to wipe Windows and Linux devices.
The attack on Stryker was notable for its use of a stolen Windows domain administrator account to create a new Global Administrator account, which was then used to issue the Microsoft Intune "wipe" command to factory reset approximately 80,000 devices. Employees whose personal devices were managed by the company also found their devices wiped.
The FBI's seizure of the Handala websites follows a pattern of aggressive law enforcement action against Iranian-linked hacktivists in recent months. In February 2026, the US government imposed sanctions on Chinese and Iranian firms for cyberattacks, highlighting the growing concern over state-sponsored hacking activity.
In addition to the actions taken by the FBI, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance on hardening Windows domains and securing Intune to prevent similar attacks at other companies.
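The chain described above, a freshly created Global Administrator issuing Intune wipe commands in bulk, can be caught by correlating role-assignment and wipe events. The sketch below is an added example, not code from the article, Microsoft or CISA; the event field names, account names, thresholds and sample records are constructed assumptions that would need mapping onto a real Entra ID and Intune audit export.

```python
from datetime import datetime, timedelta

def find_wipe_bursts(events, threshold=5, window=timedelta(minutes=10),
                     new_admin_age=timedelta(hours=24)):
    """Alert once per account that wipes >= threshold distinct devices within
    `window`; mark it critical if that account was granted Global
    Administrator less than `new_admin_age` before the burst."""
    granted = {}   # account -> time it was granted Global Administrator
    recent = {}    # actor -> [(time, device)] wipes still inside the window
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["action"] == "role_assigned" and ev.get("role") == "Global Administrator":
            granted[ev["target"]] = t
        elif ev["action"] == "device_wipe":
            actor = ev["actor"]
            kept = [w for w in recent.get(actor, []) if t - w[0] <= window]
            kept.append((t, ev["target"]))
            recent[actor] = kept
            devices = {d for _, d in kept}
            if len(devices) >= threshold and actor not in alerted:
                alerted.add(actor)
                is_new = actor in granted and t - granted[actor] <= new_admin_age
                alerts.append({"actor": actor, "time": ev["time"],
                               "devices": len(devices), "new_global_admin": is_new,
                               "severity": "critical" if is_new else "high"})
    return alerts

# Constructed sample events. The field names are a simplified shape assumed
# for this example; map your own Entra ID / Intune audit export onto them.
SAMPLE = (
    [{"time": "2026-01-15T02:00:00", "actor": "da-admin@corp.example",
      "action": "role_assigned", "role": "Global Administrator",
      "target": "svc-new@corp.example"}]
    + [{"time": f"2026-01-15T02:1{i}:00", "actor": "svc-new@corp.example",
        "action": "device_wipe", "target": f"dev-{i:03d}"} for i in range(8)]
    + [{"time": "2026-01-15T09:00:00", "actor": "helpdesk@corp.example",
        "action": "device_wipe", "target": "dev-900"},
       {"time": "2026-01-15T15:00:00", "actor": "helpdesk@corp.example",
        "action": "device_wipe", "target": "dev-901"}]
)

if __name__ == "__main__":
    for alert in find_wipe_bursts(SAMPLE):
        print(alert)
```

The helpdesk account's two widely spaced wipes stay below the threshold, while the newly promoted account trips a single critical alert on its fifth wipe.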
The attack on Stryker has also raised concerns about the security of medical technology companies. In a statement, CISA urged US organizations to secure their Microsoft Intune systems after the breach, highlighting the importance of robust cybersecurity measures in protecting sensitive information.
The use of destructive malware and sophisticated cyberattack techniques by Iranian-linked hacktivists such as Handala is a growing concern for global cybersecurity experts. The attack on Stryker highlights the need for companies and individuals to prioritize their cybersecurity posture and take proactive steps to protect themselves against these types of threats.
In response to recent events, the Handala group has acknowledged the seizure of its websites and stated that it is in the process of creating new, more resilient infrastructure. However, this may not mitigate the impact of its previous actions, which have already caused significant disruption and harm to multiple organizations.
The FBI's action against Handala is a significant step forward in the ongoing effort to hold Iranian-linked hacktivists accountable for their actions. As the threat landscape continues to evolve, it is essential that law enforcement agencies and cybersecurity experts work together to stay ahead of emerging threats and protect individuals and organizations from harm.
Published: Thu Mar 19 12:08:26 2026 by llama3.2 3B Q4_K_M