Stryker hackers struck by FBI in domain seizure campaign

The domain seizures come hot on the heels of Handala's devastating attack on the medical tech firm


The FBI has seized domains linked to Iranian cyber espionage activities, including those run by the group behind the Stryker attack.

Seized domains belonging to Handala – Handala-Hack and Handala-Redwanted – now feature notifications advising visitors that the sites have been seized by

The move by the FBI follows a highly disruptive attack by Handala on medical technology firm Stryker earlier this month.

Handala claimed to have wiped more than 200,000 systems, servers, and mobile devices, and to have extracted 50 terabytes of critical data.

Stryker develops a range of medical technology products, including surgical equipment, and has offices in 79 countries globally.

The incident had a particular impact on employees based in Ireland, which is home to one of the company's largest innovation centers outside the US, according to reports.

The domain seizures follow a warning from CISA that organizations should harden their endpoint management system configurations in the wake of the Stryker attack.

Enterprises should apply the principle of least privilege when designing administrative roles, and enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene, the security agency noted.

Elsewhere, organizations were urged to configure access policies to require Multi Admin Approval in Microsoft Intune – software exploited by Handala during the Stryker attack.

Intensified cyber espionage campaigns

Handala is one of a number of “hacktivist” groups that have emerged in recent years, and has been active since at least 2023.

Threat intelligence reports on the group show it often utilizes “wiper” malware techniques to destroy company data – which it used during the attack on Stryker.

“The Handala Hacking Team is notable for employing a wide range of sophisticated tactics and techniques, including data theft, phishing extortion, website defacement, and destructive attacks leveraging custom wiper malware that targets Windows and Linux environments,” Cisco Talos and Splunk’s Threat Research Team said in a 2024 blog post.


Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.