Up Headlines


FBI Takes Down Sites Linked to Stryker Hack Group


The FBI has seized and shut down two websites tied to Handala, a pro-Iranian hacktivist group that recently claimed responsibility for a damaging cyberattack on U.S. medical technology giant Stryker.

Visitors to the group’s websites are now greeted with a federal seizure notice instead of the usual content. One of the sites had been used by Handala to showcase its hacking campaigns, while the other reportedly published personal details of dozens of individuals allegedly linked to Israeli military organizations and defense contractors, including Elbit Systems and NSO Group.

While U.S. authorities haven’t publicly detailed the exact reason behind the takedown, the language in the seizure notice suggests the sites were connected to state-backed cyber activity. According to the notice, law enforcement determined the domains were being used to “conduct, facilitate, or support malicious cyber activities” linked to a foreign state actor. The U.S. government said the move aims to disrupt ongoing operations and prevent further harm.

Technical checks of the websites’ infrastructure show that their domain records now point to servers controlled by the FBI, confirming the seizure.

The FBI and the Department of Justice have not yet responded to requests for additional comment.

Handala, however, quickly reacted. In posts shared on its Telegram channel, the group acknowledged the takedown and criticized the move as an attempt to silence them. The hackers claimed the action reflects fear among their opponents and insisted their operations would continue despite the disruption. Around the same time, the group’s account on X (formerly Twitter) was also suspended.

The group has been active since at least October 2023, following the Hamas attacks, and is widely believed to have links to Iran. Just last week, Handala said it carried out a cyberattack on Stryker, a major global medical company with more than 56,000 employees.

According to the group, the attack was retaliation for a U.S. missile strike that allegedly hit an Iranian school, killing at least 175 people, many of them children. Stryker, which last year secured a $450 million contract with the U.S. Department of Defense, became a high-profile target.

Reports suggest the hackers gained access through an internal administrator account, giving them extensive control over Stryker’s Windows network. They allegedly took over the company’s Intune management system — a tool used to oversee employee devices — and used it to remotely wipe data from both corporate and employee-owned systems.

Stryker said earlier this week that it is still working to restore its systems and recover from the attack.

Cybersecurity experts say the FBI’s move could slow the group down, at least temporarily. Nariman Gharib, a U.K.-based Iranian activist and cyber-espionage investigator, noted that disrupting the group’s infrastructure is a significant step. However, he warned that it may not stop them entirely, as future data leaks could still emerge through channels linked to Iran’s military networks.

