Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
The US Department of Justice accused the Iranian government of supporting the Handala group, which last week he claimed to be the mastermind behind cyber-attacks against the US technology giant Stryker.
In a Press release published on Thursday, the Justice Department said that Iran’s Ministry of Intelligence and Security (MOIS) is working on Handala.
The Department of Justice called the group fake activists who Iran’s ministry used “psychological tactics” against state enemies, claiming they were responsible for cyberattacks, as well as disseminating stolen information that was discovered at the time. The group also called for the killing of journalists, government opponents, and Israeli citizens, according to the DOJ.
The announcement came hours later The FBI seized two websites linked to Handalaas predicted by TechCrunch. The group used these websites to publicize their alleged online activities, as well as to publish the information of many people who allegedly worked in the Israeli army and security forces.
Handala took credit on his website for the March 11 cyberattack on the Stryker, while the hackers are far away. wiped out thousands of workers’ tools. The hackers said the breach was retaliation for the US airstrike on an Iranian school, which killed 168 children. according to Iranian officials.
FBI Director Kash Patel was quoted in the DOJ filing as saying that the FBI “removed four of their pillars and we’re not done.”
In addition to the two websites used by Handala, the DOJ seized two other sites allegedly used by Iran’s MOIS through a person calling himself “Justice Homeland” or “Homeland Justice.” The DOJ accused Iranian government hackers of using the two domains to claim responsibility for hacking the Albanian government in 2022, in a cyber attack that resulted in government servers being taken offline and confidential information stolen. Microsoft as well linked the attack against the Albanian government to MOIS.
In testimony filed in court to support the confiscation of Handala’s websites, the FBI said Handala, Justice Homeland, and another criminal named Karma Pansipa, “are part of the same conspiracy because they are run by the same people.”
contact us
Do you have any information about Handala, or other Iranian-linked theft operations? From a non-working device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or on email.
Handala responded to the DOJ’s announcement in a statement posted on his Telegram channel, where the prosecutors called the US government’s action “the latest effort by the United States and its allies to suppress Handala’s voice.”
DomainTools cybersecurity researcher Keith O’Neill told TechCrunch that Handala has already launched new domains that it hasn’t yet implemented.
The hacking group did not respond to a request for comment sent to the social media account announced by the hackers, as well as the email address identified by the Department of Justice in its official statement.
A spokesman for Iran’s Permanent Mission to the United Nations did not respond to TechCrunch’s request for comment. Stryker also did not respond to a request for comment.
Alex Orleans, head of security threats at Sublime Security who has tracked the Iranians for years, told TechCrunch that it’s possible the people behind the Handala persona aren’t the same people doing the hacking.
“The trade is not equal, one-on-one, with the actors who are doing what they are proud of,” Orleans said. “There can be multiple groups that are intervening exactly where one group is in charge of maintenance – it’s all of these things that sit within the larger unified object of MOIS.”
“There’s a lot of light that’s hard to get in,” he said.
