The FBI has seized multiple domains tied to an Iranian-linked hacking group responsible for a disruptive cyberattack on medical technology firm Stryker.
According to the Justice Department, the domains associated with the “Handala” group now display seizure notices after U.S. authorities moved to disrupt the group’s infrastructure. The action follows claims by the group that it wiped more than 200,000 systems and exfiltrated roughly 50 terabytes of data.
U.S. agencies, including CISA, have warned that attackers are exploiting weaknesses in endpoint management systems and are urging organizations to adopt phishing-resistant MFA and stronger privileged access controls.
Handala has been active since at least 2023 and is known for deploying destructive wiper malware targeting both Windows and Linux environments.
The takedown reflects a broader strategy shift toward dismantling attacker infrastructure. For enterprises – and MSPs managing distributed endpoints – it underscores how identity systems and device management platforms are increasingly central to both attack paths and defense.