FBI seizes domains tied to Iranian hackers linked to Stryker cyberattack

Iranian hackers tied to a recent U.S. cyberattack have been running a broader intimidation campaign that involved issuing death threats and suggesting they have ties to a Mexican cartel to "commit acts of violence," the Justice Department said Thursday.
Why it matters: The campaign shows Iran's cyber playbook is moving beyond hacking companies and is now pairing cyberattacks with tactics to coerce targets and shape narratives.
- Experts have warned that Iranian actors, including government groups and proxy cybercriminals, could escalate their digital attacks, start targeting U.S. critical infrastructure and launch influence campaigns to sway public opinion.
Driving the news: The FBI said Thursday it seized four domains used by actors tied to Iran's Ministry of Intelligence and Security.
- These include sites linked to the pro-Iranian "hacktivist" group Handala, which claimed responsibility for an attack on U.S. medical tech company Stryker last week.
- The FBI alleged the domains were used for "attempted psychological operations," including claiming cyberattacks, leaking stolen data and calling for the killing of journalists, dissidents and Israelis.
What they're saying: "Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents," FBI director Kash Patel said in a statement.
- "This FBI will hunt down every actor behind these cowardly death threats and cyberattacks and will bring the full force of American law enforcement down on them."
Between the lines: The FBI said the domains reflect a broader Iranian playbook of pairing cyberattacks with selective leaking and manipulation of stolen data to shape narratives and intimidate targets.
Zoom in: The two domains tied to Handala were used to publish the names and sensitive information of about 190 individuals tied to the Israeli military and government, per the FBI.
- An email account tied to Handala was used to send death threats to Iranian dissidents around the world, including in the U.S., per a Department of Justice statement.
- Those emails said, as part of the threats, that Handala was working with a Mexican cartel to target the group's "enemies," according to the DOJ.
Of note: In an affidavit, the FBI added that a recent Handala cyberattack disrupted hospital systems in Maryland, forcing providers to suspend connections to tools used to analyze patient data and vital signs.
- An employee's computer was wiped during the attack, the FBI added in the warrant.
- The FBI redacted the company's name, but Handala has claimed responsibility for the attack on Stryker.
Go deeper: First cyberattacks of war hint at Iran's playbook against U.S.
