US Claims Iran's Government Operated Hacktivist Group Behind Stryker Hack


The U.S. Justice Department has accused Iran’s government of orchestrating the hacktivist group Handala, which recently claimed responsibility for a cyberattack on the U.S. medical technology company Stryker. In a press release, the DOJ stated that Iran’s Ministry of Intelligence and Security (MOIS) operates Handala, which it describes as a fabricated activist persona used to carry out psychological operations against the regime’s opponents, claim responsibility for cyberattacks, and disseminate stolen data. The group also allegedly called for violence against journalists, dissidents, and Israeli individuals.

This announcement came shortly after the FBI seized two websites associated with Handala, which were allegedly used for publicizing cyberattacks and releasing the personal information of people purportedly linked to the Israeli military and defense sector. The group took credit for a March 11 attack on Stryker, in which hackers erased tens of thousands of employee devices, purportedly in retaliation for a U.S. airstrike on an Iranian school that reportedly killed 168 children.

FBI Director Kash Patel stated, “We took down four of their operation’s pillars and we’re not done.” In addition to these websites, the DOJ has seized two other domains allegedly used by Iran’s MOIS under the personas “Justice Homeland” or “Homeland Justice.” These domains were linked to a 2022 cyberattack on the Albanian government, which resulted in server disruptions and data theft. Microsoft also attributed this attack to the MOIS.

An FBI affidavit suggested that Handala, Justice Homeland, and Karma Below are operated by the same individuals. Handala dismissed the DOJ’s actions as desperate attempts to silence them.

According to cybersecurity researcher Keith O’Neill, Handala has already created new domains that remain unseized. The group did not respond to requests for comment, nor did Iran’s UN mission or Stryker. Alex Orleans from Sublime Security suggested that those behind Handala may not be the direct hackers, noting the complexity and potential for multiple teams within the larger MOIS framework.
