US removes pro-Iranian websites linked to Stryker cyberattack


The Domains handala-hack[.]to and handala-redwanted[.]to

On March 11, 2026, Handala Hack, via the Handala-hack[.]to domain, claimed credit for conducting a destructive malware attack against a U.S.-based multinational medical technologies firm. The Handala Hack persona claimed the hack was retaliation for “ongoing cyber assaults against the infrastructure of the Axis of Resistance.”

As of March 9, 2026, Handala Hack, via the Handala-redwanted[.]to domain, posted the names and sensitive PII of approximately 190 individuals associated with or employed by the Israeli Defense Force (IDF) and/or Israeli government. The Handala Hack posting contained threats indicating the individuals were being monitored, their residences were known, and that consequences would soon follow.

On March 6, 2026, Handala Hack, via the Handala-hack[.]to domain, posted names and confidential data corresponding to individuals Handala Hack claimed worked for the IDF. The post stated, in part, “Your iPhone 12 Pro Max holds no security for us; we even know your exact location…,” and urged “People of the Axis of Resistance! See these names and respond to these Zionist pigs yourselves.”

On March 6, 2026, Handala Hack, via the Handala-hack[.]to domain, claimed it stole 851 gigabytes of confidential data from members of the Sanzer Hasidic Jewish community, including “documents of financial cooperation, witchcraft ceremonies, and secret correspondences with Netanyahu ...” The post continued “We warn the leaders and members of the Sanzer Hasidic community: No place is safe for you. Betrayal of the oppressed leads to nothing but disgrace and shame. Expect more documents to be revealed. Handala Hack[.]”

The Domains Justicehomeland[.]org and Karmabelow80[.]org

The US Federal Bureau of Investigation (FBI) recently shared an online post announcing the seizure of multiple domains linked to Iranian intelligence that were actively used to “facilitate cyberattacks, post stolen data, and call for the killing of regime dissidents and US residents”. The post also shared an image that quoted FBI Director Kash Patel, who said: “Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents. We took down four of their operation's pillars and we're not done. This FBI will hunt down every actor behind these cowardly death threats and cyberattacks and will bring the full force of American law enforcement down on them”.

Days after Iranian hacking group Handala attacked America’s largest medical device maker Stryker, the FBI announced it has seized two websites linked to the group – handala-hack[.]to and handala-redwanted[.]to. While the official communication from the Justice Department and FBI does not explicitly mention Stryker, it says “the MOIS used the Handala-hack[.]to domain to claim credit for a March 2026 destructive malware attack against a U.S.-based multinational medical technologies firm.”

“The Justice Department announced the seizure of four domains as part of an ongoing effort to disrupt hacking and transnational repression schemes conducted by the Islamic Republic of Iran’s Ministry of Intelligence and Security (MOIS). The affidavit supporting the seizure warrant can be found here. The seized domains – Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, and Handala-Redwanted[.]to – were used by the MOIS in furtherance of attempted psychological operations targeting adversaries of the regime by claiming credit for hacking activity, posting sensitive data stolen during such hacks, and calling for the killing of journalists, regime dissidents, and Israeli persons,” the official announcement reads.

As alleged in court documents, after the U.S.-Iran conflict began on February 28, 2026, the MOIS-controlled domains handala-hack[.]to and handala-redwanted[.]to published personally identifiable information (“PII”) associated with targeted individuals. The domain handala-hack[.]to also claimed responsibility for hacks conducted by the group. Specifically:

The domains Justicehomeland[.]org and Karmabelow80[.]org were the official websites of a shell hacktivist entity used by MOIS. On or about July 15, 2022, and September 9, 2022, MOIS actors used the Justicehomeland[.]org domain to claim responsibility for stealing sensitive documents from Albanian government organizations. The motivation for leaking this information appears to be the Albanian government’s decision to support an Iranian dissident group called Mujahedeen e-Khalq or “MEK.” MEK has, in the past, openly advocated for the overthrow of the Iranian government.

In addition to these enforcement actions, the Department of State’s Rewards for Justice program is offering a reward of up to $10 million for information on any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act. Read more about this reward offer on the Rewards for Justice website.

The FBI Baltimore Field Office is investigating the case, in coordination with FBI Cyber Division.

The United States Attorney’s Office for the District of Maryland and the National Security Division’s National Security Cyber Section are prosecuting the case.