The FBI appears to have seized the website of an Iran-linked hacker group that claimed responsibility for the only known significant cyberattack on a U.S. company since war between the countries started in February.
The site, which previously chronicled the group’s alleged exploits and hosted hacked files for download, on Tuesday was replaced with a boilerplate image with the logos of the Justice Department and FBI. The agencies didn’t respond to a request for comment.
“Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign government actor,” the site says.
The group, called Handala, is widely believed by American and Israeli cybersecurity experts who track it to be an operation by Iran’s Ministry of Intelligence and Security. The U.S. government has not publicly tied it to a particular Iranian agency.
Last week, Handala took credit for hacking Stryker, a Michigan-based, Fortune 300 medical tech company with offices around the world.
Handala’s X account was also suspended. But its Telegram channel was still active as of Thursday morning. On it, the group acknowledged they had lost control of the site.
“To all truth-seekers and defenders of justice, We inform you that the Handala RedWanted website, which was dedicated to exposing Zionist crimes and raising global awareness, has also been seized and taken offline by order of the FBI. This aggressive action reveals the extent to which the enemies of truth will go to silence voices that unveil their atrocities,” it said.
The Telegram post also announced a new website that it said would be live soon.
While there is no indication the Stryker cyberattack was technologically sophisticated, it still disrupted the company’s “order processing, manufacturing and shipping,” the company said in a filing with the Securities and Exchange Commission.
In its public statements, Stryker said the hackers were only able to access the company’s Microsoft accounts. The hackers appear to have accessed a Microsoft program called Intune, used to remotely manage corporate phones and laptops, and simply chosen to delete all data on devices en masse, cybersecurity experts and a company employee told NBC News.
Historically, some of Iran’s most significant cyberattacks have been “wipers,” which delete victims’ computer networks en masse.
It’s unclear how big of a threat Iranian hackers remain to the U.S., however. Handala has not announced any significant operations since the Stryker hack more than a week ago. The only other major company it has claimed to hack recently is Israeli company Verifone, which told NBC News it had not experienced any attacks on its systems. Both Israel and the U.S. military are still engaged in ongoing strikes against Iranian military and other government targets.
The acting director of the Cybersecurity and Infrastructure Security Agency, Nick Andersen, told reporters at a conference Wednesday that there had not been an uptick in cyber threats since the war with Iran started, the cybersecurity news site The Record reported.
CISA also finally publicly acknowledged the hack Wednesday evening, with an announcement that companies should take care to secure access to their Microsoft Intune accounts.
Gil Messing, the Chief of Staff of Check Point, an Israeli cybersecurity company, said the FBI seizing the Handala site would help combat the perception of Iran’s cyber ability.
“It’s an important step, as most of Handala’s activity was to publicize their activity and create the psychological effect of the damage, even if exaggerated. So taking out their websites and channels is hitting them where it matters,” he said.
However, it’s likely part of an ongoing game of whack-a-mole, Messing said.
“In the past they’ve managed to bypass takedown by bringing up new channels instead.”