The United States has officially established a link between the Handala hacker group and the Iranian government. This confirmation coincided with the dismantling of several websites utilized by the group.
Handala’s Cyber Activities
For years, Handala has been a subject of interest for cybersecurity experts. Recently, the group intensified its operations amid the ongoing US-Israel-Iran tensions. Handala has been accused of multiple cyber-attacks against Israel, including disrupting military weather servers, seizing control of security camera feeds, and exposing intelligence personnel details.
One of its most notorious attacks was against the US-based medical technology company Stryker, where the group caused significant disruption by erasing thousands of systems.
Handala’s Alleged Connections
While the group projects itself as a pro-Palestinian hacktivist entity driven by anti-Israel sentiments, experts widely perceive Handala as a façade for Void Manticore, which is believed to be an Iranian state-sponsored threat actor operating under Iran’s Ministry of Intelligence and Security (MOIS).
The US Justice Department has now verified this connection, following the seizure of four domains used by Handala for psychological warfare.
Seized Websites and Government Actions
Authorities have taken control of four domains: Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, and Handala-Redwanted[.]to. The Justice Department stated that Iran’s MOIS used these sites to conduct psychological operations against regime adversaries, claim responsibility for cyber-attacks, and incite violence against journalists and regime critics.
Additionally, a social media account linked to the hacker group was suspended recently. The US Department of State is offering a reward of up to $10 million for information on foreign hackers targeting critical infrastructure.
Related operations have also targeted other cyber threats, including the disruption of the Aisuru and Kimwolf DDoS botnets and the dismantling of the Tycoon 2FA phishing platform.
