Iran's Ministry of Intelligence and Security (MOIS) is thought to have created Handala Hack, a pro-Iranian and pro-Palestinian hacktivist persona. The cybersecurity community tracks it under the names Banished Kitten, Cobalt Mystique, Red Sandstorm, and Void Manticore. Handala Hack claimed responsibility for damaging the networks of medical device and service provider Stryker by deleting a lot of company data and wiping thousands of employee devices.

The situation is made worse by the conflict between the U.S., Israel, and Iran, which has led Iran to launch a cyber offensive against Western targets. Handala Hack leaked Patel's private emails in response to a court-ordered operation that took control of four domains run by MOIS since 2022.

The U.S. government is also offering a $10 million reward for information about group members. Handala Hack has since reappeared on a different clearnet domain, "handala-team[.]to," where it called the domain seizures "desperate attempts by the United States and its allies to silence the voice of Handala."

The ongoing conflict has also led to new warnings that it could turn operators in critical infrastructure sectors into easy targets for criminals. Actors connected to MOIS have been working more and more with the cybercrime ecosystem to further their goals. Handala's use of the Rhadamanthys stealer in its operations is one example. Another is MuddyWater's use of the Tsundere botnet (also known as Dindoor) and Fakeset, a downloader that delivers Castle loader.

Check Point said, "Such engagement offers a dual advantage: it enhances operational capabilities through access to mature criminal tooling and resilient infrastructure." "It has caused a lot of confusion, which has led to wrong attribution and bad pivoting," it said.