- Iran-linked Handala Hack group launched cyberattacks on US company Stryker and Verifone in retaliation
- Stryker faced large-scale disruption on March 11, halting much of its global operations temporarily
- Handala Hack claimed to have stolen 51 terabytes of data and wiped over 200,000 devices and servers
Modern warfare is not limited to how precise a country's aerial strikes, drones and interceptors are. It goes well beyond that, and Iran appears to have proven it in response to the US and Israel's latest onslaught on Tehran and multiple other cities.
As Tehran's Shahed drones and advanced ballistic missiles struck Israel and American military assets in the Gulf, thousands of kilometres away, in Michigan, a medical technology company came under a large-scale cyberattack.
On March 11, tens of thousands of computers at the company, Stryker, were disrupted, and much of its global operations was halted.
Handala Group Claims Responsibility
The Iranian-linked group Handala Hack claimed responsibility for the attack. They called it retaliation for the Minab school strike.
On February 28, an American Tomahawk missile hit an elementary school in Minab, killing around 180 children. Joint military strikes also assassinated Iran's Supreme Leader, Ayatollah Ali Khamenei, and other top leaders.
Handala Hack claimed they stole 51 terabytes of company data and wiped over 2 lakh systems, servers, and mobile devices.
A newly created Handala website lists the group's claimed operations, including Wednesday's attacks on Stryker and Verifone, a payments company that produces point-of-sale card machines and software.
“This attack is a decisive and direct response to the Zionist regime's airstrikes targeting banking infrastructure,” Handala wrote about Verifone. “Every blow will be met with an even greater response.”
About The Handala Group
Handala Hack is an Iranian threat actor tracked by Check Point Research as Void Manticore. It is linked to Iran's Ministry of Intelligence and Security (MOIS) and is believed to be a primary cyber-retaliatory arm for the Iranian regime. Other known aliases include Red Sandstorm, Banished Kitten, Karma, and Homeland Justice.
Handala has targeted Israeli businesses, government agencies, and political officials, as well as Albanian government institutions.
The name and logo of the group draw from the Palestinian cartoon character Handala, a symbol of resistance.
Handala's Hacking Tactics
- The group is known for destructive “wiper” attacks.
- It primarily relies on manual, hands-on operations rather than fully automated malware campaigns.
- Handala uses malware to delete or damage data on computers and servers.
- Hack-and-Leak: They steal sensitive information and sometimes make it public.
- The group posts updates online to show their actions and link them to political goals.
- They have exposed personal information of Israeli Air Force staff.
- By disrupting operations and leaking data, they aim to reduce public confidence in security agencies.
- They trick employees into giving access using fake emails or software updates.
- They also use tools like NetBird to hide traffic and AI-assisted scripts to wipe data faster.
Hacktivism
Handala first appeared publicly in late 2023 and was initially classified as a hacktivist group supporting Palestine.
Over time, cybersecurity experts said that Handala is closely tied to Iranian state interests. Gil Messing, of Israeli cybersecurity firm Check Point, called it “the most notorious group affiliated with the Iranian regime,” saying the group likely operates on behalf of Iran's MOIS, Reuters reported.
Palo Alto Networks' Unit 42 described Handala as “the most prominent Iranian persona in the hacktivist world.”













