The FBI (Federal Bureau of Investigation) seized two websites this week linked to a pro-Iranian hacking group known as the Handala Hack Team.
The action was carried out in conjunction with the U.S. Department of Justice as part of a coordinated operation to disrupt cyber activities considered malicious and linked to a foreign actor.
The two domains seized by the FBI:
1. One served as a central site where the Handala group published information about its hacking operations.
2. The other was used to publish personal data (“doxing”) of individuals allegedly linked to Israeli defense or technology companies (such as Elbit Systems or NSO Group).
Both sites now display an official notice stating that the infrastructure has been seized by U.S. federal authorities because it was determined that it was used to “facilitate malicious cyber activities on behalf of, or in coordination with, a foreign state actor.”
Handala Hack Team is a hacktivist group that presents itself as pro-Palestinian and has been active since at least late 2023.
Although the group describes itself as “activist,” it is believed to operate with at least tacit support from Iranian state actors or as a less official face of Iranian-led operations.
This group has claimed responsibility for politically motivated attacks, including network data wipes, information leaks, and the publication of target lists.
The law enforcement operation comes just after Handala claimed responsibility for a significant cyberattack against Stryker Corporation, a large medical technology company with tens of thousands of employees.
According to the group:
• They accessed an internal Windows administrative account.
• They controlled the Microsoft Intune management system.
• From there, they deleted data from tens of thousands of corporate and personal devices.
This incident underscores how cyber operations have become an integral part of current geopolitical tensions: attacks are launched not only by states, and government-affiliated or government-funded groups can also take part in digital campaigns with political or strategic objectives.
Following the Stryker attack, organizations such as CISA (the U.S. Cybersecurity and Infrastructure Security Agency) and Microsoft have issued recommendations for strengthening device management systems, including stricter access controls, multi-factor authentication, and least-privilege policies.