U.S. Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued

17.03.2026

This is the online edition of The Wiretap newsletter, your weekly digest of cybersecurity, internet privacy and surveillance news. To get it in your inbox, subscribe here.

When the U.S. and Israel launched their initial strikes on Iran at the end of February, one of the reported targets was the Ministry of Intelligence and Security (MOIS).

Per reports, at least two Iranians accused of running cyber operations against Western entities were killed in the strikes. One was Mohammad Mehdi Farhadi Ramin, whom the Justice Department charged in 2020 with hacking into aerospace and defense companies in America and who had been sought by U.S. authorities since then.

The other was Seyed Yahya Hosseiny Panjaki, a deputy minister of intelligence for Israeli affairs at MOIS who is on the FBI Most Wanted list. Cybersecurity sources tell Forbes Panjaki was in charge of the MOIS unit that controlled hacking groups like Handala, long known as a pro-Iranian crew that has successfully targeted Israeli politicians and Western businesses. According to the FBI, Panjaki was linked to terror plots and cyberattacks organized by MOIS and Iran's Islamic Revolutionary Guard Corps.

But that hasn’t taken down Iran’s cyber capabilities. Handala claimed one of its most significant scalps in the form of Michigan-based medical device provider Stryker last week. The group claimed to have hacked and wiped the company’s systems, permanently erasing 12 petabytes of data. “Such a scale of data destruction is unprecedented to this day,” it wrote on its website.

Stryker confirmed in a notice to customers that its Microsoft systems had been compromised and it was “now in the restoration process, which is progressing steadily.” Handala also claimed to have breached Israeli payments provider Verifone, though the company said it had found no evidence of any breach.

Meanwhile, Homeland Justice, another group believed to operate under the same MOIS umbrella, said it had hacked Albania’s parliament on Sunday because of the country’s support of an Iranian anti-regime group. Albanian officials confirmed email systems had been taken offline as a result of the breach.

The MOIS-aligned hackers are, ironically, relying on American technology to help them carry out attacks. As Forbes reported earlier this month, Handala has stayed online thanks to smuggled Starlink satellite internet devices from Elon Musk’s SpaceX. Israeli cybersecurity company Check Point said Handala also appeared to be using AI to help write its malicious code, though it was unable to identify which models had been used.

Such is the autonomy of groups like Handala that cyberattacks are likely to continue alongside Iran’s retaliatory drone and missile strikes across the Middle East.

Got a tip on surveillance or cybercrime? Get me on Signal at +1 929-512-7964.

This AI Hacker Beat 99% Of Humans In Cyber Games

Israeli startup Tenzai tested its AI agent in six hacking competitions against 125,000 top cybersecurity experts. It beat 99% of them. In some cases, though, people were faster. “There’s still room at the top for humans,” says cofounder and CEO Pavel Gurvich.

Stories You Have To Read Today

Teenagers in Tennessee are suing Elon Musk’s xAI over claims it has licensed its AI models to app makers whose tools are creating child sexual abuse material.

Instagram plans to turn off end-to-end encryption on direct messages because few people used the security feature.

A global law enforcement operation has taken down SocksEscort, a “proxy” network of hacked home routers used to funnel and hide cybercriminal traffic. Hackers used the network in a $1 million crypto theft and another $100,000 theft from the MilitaryStar benefits program for service members.

Kwamaine Jerell Ford, a 34-year-old from Georgia, has been charged with tricking NBA and NFL players into giving him their Apple iCloud login information. He did it with a “two-pronged approach,” the Justice Department said, first posing as a porn star and offering to send explicit videos to the players. Ford then spoofed legitimate Apple customer service accounts to pose as a support rep, telling the victims they needed to send their user name, password and multi-factor authentication codes to access the videos, according to the feds. He then used his access to iCloud accounts to pilfer bank account details, the DOJ alleged. Investigators also claimed Ford coerced a woman into sleeping with a number of pro athletes in return for money and filming the sexual acts without the sports stars’ knowledge.


© Forbes