STANDARD · INTELLIGENCE · VERIFIED

FBI/DOJ seize 4 Handala Hack Team domains; Iran-linked unit restores site within hours

United States / Iran (cyber)

The FBI and Department of Justice seized four internet domains used by Handala Hack Team, an Iranian MOIS-linked hacking unit that claimed a March 11 destructive malware attack on US medical device maker Stryker. Within hours, Handala restored its website on a new domain, calling the seizures "desperate attempts to silence" it. Experts noted Iranian cyber actors routinely survive domain takedowns and rebuilds are trivial.

The FBI and Department of Justice on Thursday (Day 20) seized four internet domains associated with "Handala Hack Team," a hacking unit linked to Iran's Ministry of Intelligence and Security (MOIS). DOJ stated Handala is "one of several public personas used by a hacking unit operating under Iran's Ministry of Intelligence and Security as part of the agency's psychological operations." The seizure targeted domains used to claim responsibility for a March 11, 2026 destructive malware attack on Michigan-based Stryker (SYK.N), a major US multinational medical technologies firm.

A partially redacted FBI affidavit filed in support of the seizure cited "probable cause to believe that the operators of the 'Handala' persona are members of a conspiracy that carried out a destructive malware attack against a US-based multinational medical technologies firm." Stryker said March 19 it was restoring systems for ordering and shipping.

Within hours of the seizure, Handala restored its website on a new domain and posted: "These are desperate attempts by the United States and its allies to silence the voice of Handala." Ari Ben Am (FDD): "Handala alone has had tens of Telegram channels, X accounts and domains taken down, and these takedowns have never slowed them down significantly. It will be trivial for Handala and its MOIS operators to get that content back up on another domain very, very soon."

iran · cyber · handala · fbi · doj · mois · stryker · intelligence · day21

Actor responses

US · OPPOSING · INTELLIGENCE

FBI/DOJ seized 4 Handala Hack Team domains. DOJ: operators are "members of a conspiracy that carried out a destructive malware attack" against Stryker (medical device firm). Stryker: restoring systems, "grateful to government for efforts to seize domains."

Iran / MOIS · SUPPORTING · INTELLIGENCE

Handala (MOIS-linked): "These are desperate attempts by the United States and its allies to silence the voice of Handala." Restored website on new domain within hours of FBI seizure.
