Medtech company Stryker says it’s back to being “fully operational,” three weeks after it became the most prominent victim to date of Iranian hackers, who said they attacked the Michigan-based company in retaliation over the conflict with the United States and Israel.

A March 11 wiper attack from the pro-Palestinian, Iranian government-connected group Handala damaged the company’s order processing, manufacturing and shipping. More recently, Handala claimed to compromise the data of FBI Director Kash Patel, although the FBI said no government information was taken.

“Production is moving rapidly toward peak capacity with discipline and stability, supported by restored commercial, ordering and distribution systems,” the company wrote in an update on its website Wednesday. “Overall product supply remains healthy, with strong availability across most product lines, as we continue to meet customer demand and support patient care.”

Stryker said it continues to work with outside cyber experts, government agencies and industry partners on its investigation and recovery.

“Patient care remains our highest priority, with a continued focus on supporting healthcare providers and the patients they serve,” it said. “This remains a 24/7 effort and the first priority of our entire organization.”

Iranian hackers have been busy since the U.S.-Israel strikes began, but have claimed few successes in the United States. Handala boasted this week about an attack on St. Joseph County, Indiana, where officials said they were investigating a hack of its external fax service.

This week, Handala also claimed to have penetrated the systems of Israel’s air defense systems and leaked documents about it. But Handala also has been accused of overselling its deeds.

The FBI seized some websites associated with Handala last month, and the State Department has offered a reward for information on the hacking group.

The post Medtech giant Stryker says it’s back up after Iranian cyberattack appeared first on CyberScoop.

The agency said Iranian hackers targeted the director’s personal email account and noted that the compromised information is old.

The post FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers appeared first on SecurityWeek.

Iranian hackers claimed Friday to have compromised the personal data of FBI Director Kash Patel, and the bureau confirmed that it knew of the targeting of Patel’s personal email.

The government-connected hacking group, Handala, previously claimed credit for hacking medical device maker Stryker, a boast that threat researchers considered credible.

“All personal and confidential email of Kash Patel, including emails, conversations, documents, and even classified files, is now available for public download,” Handala — also known as Handala Hack — said.

The group said it did so in response to the FBI seizing its domains and the U.S. government offering a $10 million reward for information on members of the group.

The FBI noted that Handala frequently targets government officials, and challenged elements of Handala’s claims, such as that it had brought the FBI’s systems “to its knees,” rather than Patel’s own email.

“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” the FBI said in response to questions from CyberScoop. “The information in question is historical in nature and involves no government information.”

The activist group Distributed Denial of Secrets published what it said was Patel’s email cache.

The FBI pointed to the State Department’s reward program seeking information on members of Handala.

“Consistent with President Trump’s Cyber Strategy for America, the FBI will continue to pursue the actors responsible, support victims, and share actionable intelligence in defense of networks,” it said. “We encourage anyone who experiences a cyber breach, or has information related to malicious cyber activity, to contact their local FBI field office.”

The post Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data appeared first on CyberScoop.

The FBI’s cyber chief is prioritizing preparation for stepped-up Chinese threats, enhanced confrontation of adversaries in cyberspace and quicker intelligence sharing with industry as the bureau enters the second and final month of a unique cybersecurity awareness campaign.

Brett Leatherman, who took over as assistant director of the FBI’s cyber division last summer, listed those topics as his three top priorities in a recent interview with CyberScoop. At least two of them overlap considerably with the bureau’s current awareness campaign, Operation Winter SHIELD.

It’s the kind of thing that might normally be more expected to come out of the Cybersecurity and Infrastructure Security Agency, which once had its own shield-themed campaign, rather than the FBI.

‘We’ve never done a media campaign like this before,” he said. “But while it’s atypical for a law enforcement agency to do this kind of technical media campaign, we thought it was incredibly important because it translates that law enforcement perspective [into] meaningful ways that industry can move the needle towards increased resilience across critical infrastructure, industry, government agencies and beyond.”

As part of the campaign, the FBI is highlighting 10 recommendations, like protecting security logs and implementing phishing-resistant authentication, that stem from the FBI’s incident response mission.

“The 10 recommendations that we’re making right now are not a surprise to many people out there who work or have cyber over the last few years, but it’s important that we also highlight that these 10 controls are the ways that we continue to see actors getting into fortune 100 businesses and small to medium businesses in virtually 99% or greater of the investigations we run,” Leatherman said.

The campaign has involved localized events for industry, podcasts, international appearances, coordinated messages with cyber-focused companies and more. They sometimes emphasize different threats based on where they’re held, or specific cases that demonstrate how not following the 10 recommendations has led to a past real-life breach. 

In the Honolulu field office, for instance, the FBI held a cyber executive summit with critical infrastructure owners and operators and other key partners. There, the emphasis was on how Hawaii is a potential target of Chinese hackers, especially with the possibility of a People’s Republic of China invasion of Taiwan in 2027.

Securing 2027 is the first priority for Leatherman as assistant director of the cyber division. The idea is to “defend the homeland against an increased PRC targeting of the homeland,” should a China-Taiwan conflict have U.S. spillover.

Leatherman’s second priority is better contesting U.S. adversaries in cyberspace, with joint, sequenced operations — “technical operations through our lawful authorities to remove capacity and capability from the adversary.” That includes looking for ways to enhance those operations with AI.

And his third priority circles back to information sharing with industry. Leatherman said the FBI has some unique cyber threat intelligence capabilities and wants to share it more quickly, so it can have an immediate impact.

Leatherman said Winter Shield is meant to serve as a complement to CISA’s work and vice-versa. The international component of the campaign still has an eye on the homeland, he said. “We’re helping partners understand the Internet is so interconnected now, companies are international, and if you just do this work here in the homeland, you’re at risk of actors targeting your international operations and pivoting into U.S.-based work,” he said.

The second Trump administration’s approach to the FBI has raised concerns from Congress, former agents and elsewhere about whether the bureau’s cyber focus is being curtailed. The bureau has lost veteran leadership, and FBI data that a top Senate Democrat released points to personnel being shifted to immigration-related tasks, including those drawn from cyber work. The administration has also proposed budget cuts for the bureau.

And the FBI’s parent agency, the Justice Department, has shut down a team that combats cryptocurrency crimes amid industry backlash toward U.S. government actions in cases like  Tornado Cash, which the Biden administration accused of abetting money laundering from ransomware outfits.

Leatherman said FBI Director Kash Patel and other bureau leaders have been strong backers of the FBI’s cyber mission.

“We have not moved resources from [the] cyber division,” he said. “We still have our virtual asset unit, we still have our Virtual Currency Response Team, all those teams responsible for tracking the stolen crypto from” North Korea.

“We’re doing regular tracing. We’re trying to seize that when we can,” he said. “We’ve increased our ability to target nation-state actors given the support of FBI leadership, so we have not moved resources off the threat and we continue to prioritize both threat actor pursuit and victim engagement.”

The post The FBI’s cyber chief is using Winter SHIELD to accelerate China prep, threat intelligence sharing appeared first on CyberScoop.

There’s a growing question on Capitol Hill as the expiration of sweeping U.S. government surveillance powers looms: Where is the Trump administration?

The Senate Judiciary Committee held a hearing Wednesday on the 2024 law that revised the surveillance authorities known as Section 702, a part of the Foreign Intelligence Surveillance Act. Advocates have said that information collected under Section 702 — under which national security officials controversially can use U.S. citizens’ personal information to query a database for collection of their electronic communications with foreign targets without a warrant — accounts for 60% of the intelligence included in the President’s Daily Briefing.

But no Trump administration witnesses testified at the hearing. Nor did any testify at a recent House hearing. Sen. Chris Coons, D-Del., said at Wednesday’s hearing that he wanted to scrutinize the changes to Section 702 under the 2024 law, which came in the wake of significant abuses of the authorities and is set to expire at the end of April.

“Today I had hoped to hear from witnesses about whether those reforms had been appropriately implemented and whether they’ve been effective, but I can’t ask those questions of officials from the government who are actually implementing those reforms because they’re not here,” he said. “We are three months from the expiration of Section 702, and the Trump administration, as best as I can discern, still has no official position on it. That is stunning.” 

“I think it’s unacceptable that with just 90 days [before expiration the administration doesn’t know how it thinks about the program and has nobody here to explain or defend it,” Coons continued.

The top Democrat on the panel, Illinois Sen. Dick Durbin, also said he was “disappointed” the administration wasn’t at the hearing. When Durbin led the panel, he had administration witnesses appear before the committee six months before Section 702 was then set to expire at the end of 2023, and administration officials began a public push for renewal almost a year in advance of its sunset.

Frustration toward the Trump administration over its communication about Section 702 wasn’t just limited to committee Democrats. Chairman Chuck Grassley, R-Iowa, complained about how he and Durbin had written to Attorney General Pam Bondi about President Joe Biden and now Donald Trump not allowing — “despite a statutory mandate to do so” — panel members and staff to attend hearings of the Foreign Intelligence Surveillance Court that makes important decisions about the use of Section 702 authorities.

“We’ve yet to receive a meaningful response,” Grassley said.

Commenting on the administration’s absence, Grassley said Congress had a duty to consider reauthorizing Section 702 regardless of the administration’s views.

“If the administration would like to brief us in an open or closed setting, I will work to set it up,” he said. “In the meantime, the Senate Judiciary Committee needs to move ahead.”

Experts and other lawmakers have also observed the Trump administration’s relative quiet about Section 702. Trump himself has repeatedly thrown the stipulation’s future into turmoil during past renewal debates.

The National Security Agency referred a question about the administration’s views and discussions with Congress to the Defense Department. Spokespeople for the DOD, Office of the Director of National Intelligence, FBI, Justice Department  and Central Intelligence Agency did not immediately respond to requests for comment.

During his nomination hearing to lead the FBI, Kash Patel testified on the importance of Section 702 authorities and not impeding them with a warrant requirement. As a member of Congress, Director of National Intelligence Tulsi Gabbard opposed renewal of Section 702, but has offered mixed signals since, including during her own nomination hearing.

The post Lawmakers wonder when Trump administration will weigh on soon-expired surveillance powers appeared first on CyberScoop.

A fresh effort is mounting in Congress to require federal agents to obtain a warrant before searching a government surveillance database for information about U.S. citizens, as Congress again faces an impending deadline, in four months, to renew a major surveillance law.

But there are also signs that renewal of Section 702 of the Foreign Intelligence Surveillance Act (FISA), set to expire in April, could see the reversal of political headwinds that endangered the last reauthorization two years ago: Democrats are now concerned about President Donald Trump’s usage of those spying powers, rather than Republicans being worried about then-President Joe Biden.

A key debate in 2024 was the idea of a warrant requirement, and a House Judiciary Committee hearing Thursday made clear it’s set to reemerge. Under Section 702 of FISA, the government can warrantlessly surveil foreign targets. But it also doesn’t require a warrant to warrantlessly search a database using U.S. individuals’ personal information to obtain communications from people who are electronically communicating with surveillance targets.

A House vote to require a warrant for U.S. person queries fell on a tie vote in 2024 before Congress ultimately passed the Reforming Intelligence and Securing America Act with changes intended to rein in government surveillance abuses. Proponents say a warrant is the best way to  protect U.S. citizens’ Fourth Amendment rights against unreasonable searches and seizures. Opponents, including FBI Director Kash Patel, say it would slow crucial national security investigations.

House Judiciary Chairman Jim Jordan, R-Ohio, said the 2024 law included some “good reforms.” He cited a watchdog report from October that the number of warrantless U.S. person queries had dropped to around 9,000 in the first year of the law’s existence, down from 3.4 million.

But Jordan said Congress still needs to require warrants.

“If you’re going to search this database and you’re going to search using an American’s name, phone number, email address, we believe you should go to a separate and equal branch of government to do so,” he said. “We think that’s fundamental.”

Others weren’t as convinced about the progress. Witnesses told lawmakers that the FBI has changed the definition of a “query” in ways that distort that figure.

‘Apparently what the FBI did recently is they started treating a mechanism by which they sort data in the database — which of course requires them to look at the names and identifying information about specific people — that apparently they have some kind of a sorting process that they go through when looking through the data, and they don’t count the sorting as a query,”  said Gene Schaerr, general counsel for the Project for Privacy & Surveillance Accountability

“They only actually count as a query when they drill down on a specific individual.”

Arizona Republican Rep. Andy Biggs, a leading figure in Congress pushing for warrant requirements, said he was dismayed that there was “no way to determine how many actual queries are taking place.”

Under Trump, Democrats could be less willing to vote to renew the expiring surveillance powers, however. 

The top Democrat on the Judiciary panel, Maryland Rep. Jamie Raskin, said “the results are alarming” when looking at surveillance in the United States since the passage of the 2024 law, such as the Trump administration moving to consolidate databases on U.S. citizen information.

​”The landscape has changed,”  Raskin said. “We have a lot to be concerned about at this point.”

The post Warrant requirements, Democratic worries could factor into spy law renewal debate appeared first on CyberScoop.