The **FBI** has taken action against Iranian government-backed hacking operations, seizing four domains used to host information stolen from various targets, including the government of Albania, Iranian dissidents, Israeli government officials, and U.S. companies. The domains – Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, and Handala-Redwanted[.]to – were allegedly used by Iran’s Ministry of Intelligence and Security (**MOIS**) in campaigns dating back to 2022, operating under the moniker "Handala." ### Stryker Cyberattack Details Emerge Last week, "Handala" claimed responsibility for an attack on **Stryker**, a Michigan-based medical technology company. The group used one of the seized sites to publish stolen information and boast about wiping thousands of the company’s devices. Court documents reveal the attack's significant impact on **Stryker**, which provides critical technology to hospitals worldwide. Prosecutors stated the attack "had a direct impact on emergency medical services and hospitals within Maryland" and "prompted some hospitals to temporarily suspend connections" to the company due to the wiper incident. One **Stryker** employee at a Maryland hospital faced difficulties after their device was wiped. **Stryker** produces essential hospital technology, including bed sensors and hands-free communication devices. The disruption forced clinicians to rely on radio consultation and verbal descriptions, interfering with emergency medical care in some Maryland hospitals. **Stryker** has since assured customers that their technology is safe and not connected to the attack, which targeted internal corporate **Microsoft** systems. ### Microsoft Intune Exploitation The **FBI** recently released guidance to **Microsoft Intune** users, highlighting how the hackers exploited a native functionality – the device wipe feature – to destroy data on over 200,000 devices across **Stryker**’s employee base in the U.S., Ireland, India, and other countries. ### Targeting Israeli Officials and Jewish Community Prosecutors added that Handala's websites were used to post stolen information concerning Israeli government officials and Israeli Defense Force (**IDF**) employees. Following increased tensions between the U.S., Israel, and Iran, Handala allegedly posted addresses of **IDF** officials and sent threatening emails. The websites also hosted 851 GB of data allegedly stolen from members of the Sanzer Hasidic Jewish community. ### Albanian Government Attacks The **FBI** connected the Handala website to other domains used by Iran’s **MOIS** in operations dating back to 2022. One website hosted data stolen from Albania during two cyberattacks in 2022. The first attack occurred in July 2022, before a conference in Albania attended by members of the Mujahideen-e Khalq (**MEK**), an Iranian group considered a terrorist organization by Tehran. The attack disrupted government services. A second attack in September 2022 targeted Albania’s Total Information Management System. The Cybersecurity and Infrastructure Security Agency (**CISA**) reported that Iranian hackers had been inside Albania's networks for over a year, gaining access to government email systems and stealing correspondence between the U.S. and Albania. ### U.S. Response **FBI** Director Kash Patel stated the agency is actively investigating Iranian cyber operations. The State Department is offering a $10 million reward for information on those involved in creating the websites or participating in the cyberattacks. A group claiming to be Handala has launched a new website, responding to the takedowns and threatening further cyberattacks. Israeli officials have claimed that several Iranian leaders behind Handala were recently killed in airstrikes. <a href="https://www.recordedfuture.com/?utm_source=therecord&amp;utm_medium=ad"><figure><img src="https://cms.therecord.media/uploads/2025_0514_Record_Ads_970x250_1_d144dbf901.png" data-nimg="1" decoding="async" height="500" width="1000" alt="Recorded Future"></figure></a>