DOJ Seizes Iran‑Linked Hacking Websites Used to Threaten Dissidents and Claim U.S. Cyberattacks
The Justice Department says it has seized and shut down four websites allegedly run by Iran’s Ministry of Intelligence and Security and affiliated groups that were used to post hacked data, threaten regime critics and conduct online propaganda amid the U.S.–Israeli war with Iran. Court filings describe three overlapping hacking personas—Handala, Homeland Justice and Karma Below—accused of deploying custom malware and using the sites for Iranian government‑sponsored 'hacking and transnational repression schemes' and 'attempted psychological operations.' DOJ says Handala used the seized domains to claim responsibility for a recent destructive attack on an unnamed U.S. medical technology company that matches Stryker’s report of a 'global disruption' to its internal Microsoft systems, as well as to dox Israeli Defense Forces and government employees, threaten a Hasidic Jewish community, and email death threats to Iranian dissidents including at least one person in the United States while invoking a Mexican cartel and offering a bounty. Another seized site tied to Homeland Justice allegedly hosted data from a 2022 cyberattack on Albania’s government, with the FBI saying an undercover agent bought a trove of stolen Albanian ID card data from a representative of the group. The takedown underscores how Iranian services are blending cyber intrusions, intimidation of exiles and information operations while U.S. officials quietly expand wartime cyber activity against Iran, and it highlights the limits of simply knocking domains offline when state‑backed actors can quickly reconstitute their infrastructure.
📌 Key Facts
- DOJ seized four websites that it says were used by Iran‑run groups Handala, Homeland Justice and Karma Below for hacking, intimidation and propaganda.
- FBI affidavits assert all three groups are operated by Iran’s Ministry of Intelligence and Security and rely on 'custom‑built malware.'
- Handala allegedly used the sites to claim a destructive malware attack on a U.S.-based multinational medical technology firm, believed to be Stryker, and to threaten dissidents with cartel-linked death threats and a $250,000 bounty.
- A Homeland Justice‑linked site allegedly hosted data from a 2022 hack of Albania’s government; an undercover FBI agent bought stolen Albanian ID card data from a representative of the group.
- FBI Director Kash Patel said Thursday that agents 'took down four of their operation's pillars' and warned 'we're not done.'
📊 Relevant Data
- As of 2024, there are approximately 750,000 Iranian Americans in the United States, making up 0.2% of the U.S. population, with the population having grown by more than 53% since 2000. (Source: 7 facts about Iranians in the U.S. — Pew Research Center)
- The Immigration and Nationality Act of 1965 increased Iranian immigration to the United States through its family-sponsored preference category, resulting in a surge in the number of Iranians gaining permanent residency status. (Source: Iranian Americans — PAAIA)
- Iranian-linked cyber actors have conducted persistent operations against U.S. targets, with reports indicating a surge in activity coinciding with escalating tensions, including opportunistic targeting of poorly secured critical infrastructure networks. (Source: Iranian Cyber Threat Response to US/Israel strikes, February 2026 — Canadian Centre for Cyber Security)
- U.S. intelligence assessments have warned of Iranian threats to dissidents in the United States, including multiple thwarted plots to kidnap or murder individuals such as Iranian-American journalists, with heightened risks during periods of geopolitical conflict. (Source: US intelligence community ramps up warnings of possible retaliatory attacks from Iran — CNN)