FBI seizes Handala data leak site after Stryker cyberattack

You might recall that a med tech company named Stryker got pwned in epic fashion by Iran-based threat actors. Click here if you need to get the details on that. Now there’s news that the FBI has seized two websites used by the threat actors behind this attack, who are known as Handala:

As of Thursday, the contents of a website where Handala publicized its hacks, as well as another website that the group used to dox dozens of people over their alleged ties to the Israeli military and defense contractors, such as Elbit Systems and NSO Group, were replaced by a banner announcing the law enforcement action.

The seizure announcement did not say why the FBI and the Justice Department took down the websites. But the language in them appears to indicate U.S. authorities believed these sites were run by hackers linked to a foreign government.

“Law enforcement authorities determined this domain was used to conduct, facilitate, or support malicious cyber activities on behalf of, or in coordination with, a foreign state actor,” read the seizure announcement. “The United States Government has taken control of this domain to disrupt ongoing malicious cyber operations and prevent further exploitation.”

Brian Bell, CEO of FusionAuth, has provided the following commentary:

“The Stryker attack demonstrates that authentication and authorization are not the same thing. Attackers didn’t need to break in. They walked through the front door with compromised credentials. The missing safeguard is contextual: organizations need systems that can recognize when a privileged action is anomalous and require additional verification at that moment, not just at login. Risk-based, step-up authentication is a necessary architectural layer for organizations managing sensitive infrastructure, not just a ‘nice-to-have.’ The FBI’s seizure of Handala’s infrastructure is welcome – but the next group will find a new front door. The architectural fix has to happen on the defender’s side.”

I applaud this. Actions like this won’t stop these groups, but they will make their lives a bit more miserable. But it would be better if organizations defended themselves so things do not escalate to this level.
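To make Bell’s point concrete, here is an added example (written for this post, not FusionAuth’s or Stryker’s code) of a risk-based, step-up policy that is evaluated at the moment a privileged action is requested rather than only at login. The action names, scoring weights, thresholds and the five-minute freshness window are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Set

# Hypothetical policy values (assumptions for this example, not taken from the post).
PRIVILEGED_ACTIONS = {"export_patient_data", "change_admin_role", "disable_mfa"}
STEP_UP_MAX_AGE = timedelta(minutes=5)  # a strong factor older than this no longer covers a privileged action
STEP_UP_THRESHOLD = 3
DENY_THRESHOLD = 6

@dataclass
class Session:
    user: str
    device_id: str
    ip_prefix: str
    mfa_verified_at: Optional[datetime]  # None when the session was established with a password only

@dataclass
class UserProfile:
    known_devices: Set[str]
    known_ip_prefixes: Set[str]

def risk_score(session: Session, profile: UserProfile, action: str) -> int:
    """Score one request from its context: what is being done, from where, and with which factors."""
    score = 0
    if action in PRIVILEGED_ACTIONS:
        score += 2  # sensitivity of the action itself
    if session.device_id not in profile.known_devices:
        score += 2  # valid credentials on a never-seen device is the classic stolen-credential signal
    if session.ip_prefix not in profile.known_ip_prefixes:
        score += 1  # unfamiliar network
    if session.mfa_verified_at is None:
        score += 2  # no strong factor anywhere on this session
    return score

def decide(session: Session, profile: UserProfile, action: str, now: datetime) -> str:
    """Return 'allow', 'step_up' or 'deny' for one action, evaluated at action time, not at login."""
    score = risk_score(session, profile, action)
    if score >= DENY_THRESHOLD:
        return "deny"
    if action in PRIVILEGED_ACTIONS:
        # Being authenticated is not enough: a privileged action needs a fresh strong factor.
        fresh = session.mfa_verified_at is not None and now - session.mfa_verified_at <= STEP_UP_MAX_AGE
        if not fresh:
            return "step_up"
    return "step_up" if score >= STEP_UP_THRESHOLD else "allow"
```

With this policy a session that passed MFA two hours ago is still allowed to browse but is sent back for a fresh factor before it can export data, and a password-only session on an unknown device is denied the privileged action outright.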
