Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Iran hackers who hit U.S. medtech firm claim retaliatory breach of FBI

The seizure message that appeared on Handala's former websites.

By Bridget Johnson

The hacking group that claimed responsibility for the massive wiper attack against medical technology company Stryker declared today that it breached the FBI in retaliation for the Justice Department’s response.

On March 19, the DOJ announced that it had seized four domains used by Iran’s Ministry of Intelligence and Security “in furtherance of attempted psychological operations targeting adversaries of the regime by claiming credit for hacking activity, posting sensitive data stolen during such hacks, and calling for the killing of journalists, regime dissidents, and Israeli persons.”

“For example, the MOIS used the Handala-hack[.]to domain to claim credit for a March 2026 destructive malware attack against a U.S.-based multinational medical technologies firm,” the DOJ said.

“The Iranian regime exploits cyberspace to advance authoritarian objectives, suppress democratic institutions, and undermine our national and economic security,” said FBI Baltimore Special Agent in Charge Jimmy Paul, from the field office investigating the case. “The FBI will act swiftly, deliberately, and proactively to disable cyber threats to America and use every available authority to ensure those responsible are identified, apprehended, and held accountable.”

Handala announced in a Telegram statement that day the creation of a new website and directly address the DOJ statement by claiming in part that “no threat, whether in cyberspace or on the real battlefield, can shake our resolve; on the contrary, every threat makes us more alert, more united, and more determined.”

Today, Handala claimed “FBI Breach coming soon” in a Telegram post.

“The FBI shouldn’t have started a confrontation and conflict with us,” Handala continued. “Soon you will realize that the FBI’s security was nothing more than a joke. Are you ready for the biggest security breach of the past decade?”

No evidence of a breach had been posted as of this article’s publication.

Handala claimed in a Wednesday post on Telegram that it had also targeted Lockheed Martin employees.

In a corresponding website post, Handala issued a 48-hour response time for the “new phase of Operation Lockheed Martin,” claiming that they had “the complete data of 28 senior engineers based in the occupied territories and involved in military projects” including names, home addresses and service bases. They released a list of names and locations as well as some passport images.

They posted an image depicting a text message, obscuring the phone number except for the +972 Israel country code, in which the recipient was told that their “credentials as a Senior Engineer at Lockheed Martin have just been broadcast on Iranian television.”

“You have 48 hours to return home, after that, keep your eyes on the sky,” the message added.

Click to listen highlighted text!