Iranian Hackers Quickly Restore Website After FBI Domain Seizure

A hacking group linked to Iran's intelligence ministry has restored its website just one day after the FBI seized its internet domains. The group, known as Handala Hack Team, had claimed responsibility for a cyberattack on Michigan medical device company Stryker earlier this month.

An Iranian government-connected cyber group has successfully brought its website back online within 24 hours of federal authorities seizing its internet domains, demonstrating the persistent nature of state-sponsored hacking operations.

Federal investigators on Thursday took control of four web domains belonging to the “Handala Hack Team,” which operates as a front for Iran’s Ministry of Intelligence and Security psychological warfare division, according to the Department of Justice.

The hacking collective had previously taken credit for launching a destructive cyber assault against Michigan-based medical technology corporation Stryker on March 11.

By Friday, the group had posted a defiant message on their newly established website, calling the federal seizures “desperate attempts by the United States and its allies to silence the voice of Handala.”

Cybersecurity expert Ari Ben Am from the Foundation for Defense of Democracies Center on Cyber and Technology Innovation noted that Iranian cyber units have proven remarkably adaptable to law enforcement actions.

“Iranian threat actors, MOIS in particular, are no strangers to takedowns,” Ben Am explained. “Handala alone has had tens of Telegram channels, X accounts and domains taken down, and these takedowns have never slowed them down significantly. It will be trivial for Handala and its MOIS operators to get that content back up on another domain very, very soon.”

Court documents filed by the FBI in support of the domain seizures reference the March 11 attack on what investigators describe as a major American multinational medical technologies company, with details matching the assault on Stryker.

A Justice Department representative confirmed Friday that the FBI’s court filing “asserts that there is probable cause to believe that the operators of the ‘Handala’ persona are members of a conspiracy that carried out a destructive malware attack against a U.S.-based multinational medical technologies firm.”

Stryker acknowledged the cyber incident in a March 19 company statement, reporting progress in restoring critical business systems while emphasizing that their medical products remained safe for patient use.

“We’re grateful to the government for their efforts to seize domains linked to the purported threat actors,” the medical device manufacturer stated.
