The U.S. agency took aim at one of the most active pro-Iranian threat groups, which has claimed responsibility for several other attacks.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

The FBI seized two websites belonging to Handala, a pro-Iranian hacktivist group that recently conducted a destructive data-wiping attack on U.S. medical technology company Stryker. The attack erased data from approximately 80,000 devices by compromising a Windows domain administrator account and using Microsoft Intune's factory reset command — no malware required. Handala confirmed the seizures on Telegram, framing them as censorship. The incident is part of a broader surge in cyberattacks following U.S. and Israeli airstrikes on Iran, with over 60 pro-Iranian hacktivist groups mobilizing and a reported 245% spike in attacks on critical infrastructure. Microsoft and CISA have since published guidance on hardening Intune management controls. Security experts emphasize that the real fix must come from defenders implementing contextual authentication and anomaly detection for privileged actions.

FBI Seizes Two Websites Linked to Pro-Iranian Group Handala