Iranian Intelligence-Linked Handala Hack Team Restores Web Presence Following FBI Seizure of Cyberattack Domains

Handala Hack Team restores its website one day after a DOJ domain seizure following a destructive cyberattack on U.S. medical tech firm Stryker.

By: AXL Media

Published: Mar 20, 2026, 5:40 PM EDT

Source: Information for this report was sourced from Times of Israel

Resilience of State-Sponsored Cyber Units Challenges Federal Takedowns

The digital infrastructure used by an Iranian government-linked hacking collective is back online, highlighting the difficulty federal authorities face in permanently dismantling state-sponsored cyber personas. The FBI and Department of Justice had previously announced the successful seizure of four domains associated with the "Handala Hack Team," a group identified by U.S. officials as a psychological operations arm of Iran’s Ministry of Intelligence and Security. Despite this high-profile intervention, the group’s primary communication channels were restored within twenty-four hours, with the hackers labeling the U.S. legal actions as desperate attempts to silence their voice.

FBI Investigation Links Malware Campaign to Major Medical Firm

A recently unsealed FBI affidavit provides a detailed look at the probable cause behind the domain seizures, linking Handala to a significant breach of American infrastructure. Investigators assert that members of the conspiracy carried out a destructive malware attack on March 11, 2026, targeting a prominent multinational medical technologies firm. While certain specific references in the court documents remain redacted, the affidavit directly quotes messages posted by the Handala persona regarding an assault on the Michigan-based company Stryker. Federal prosecutors argue that these domains were essential tools used by the Ministry of Intelligence to broadcast their successful breaches and coordinate further malicious activity.

Stryker Begins System Recovery Following Destructive Cyber Breach

In a formal statement released on March 19, the medical technology firm Stryker confirmed it is currently in the process of restoring critical internal systems impacted by the March 11 event. The company is prioritizing the recovery of platforms that support customer ordering and shipping logistics to minimize disruption to the healthcare supply chain. Corporate leadership emphasized that despite the breach of their digital network, the physical safety and integrity of their medical products remain uncompromised. The firm also expressed public gratitude for the government's efforts to disrupt the threat actors' infrastructure, even as those actors successfully migrated to new web addresses.
