Iran State-Backed Cyber Operations

The Justice Department says it has seized and shut down four websites allegedly run by Iran’s Ministry of Intelligence and Security and affiliated groups that were used to post hacked data, threaten regime critics and conduct online propaganda amid the U.S.–Israeli war with Iran. Court filings describe three overlapping hacking personas—Handala, Homeland Justice and Karma Below—accused of deploying custom malware and using the sites for Iranian government‑sponsored 'hacking and transnational repression schemes' and 'attempted psychological operations.' DOJ says Handala used the seized domains to claim responsibility for a recent destructive attack on an unnamed U.S. medical technology company that matches Stryker’s report of a 'global disruption' to its internal Microsoft systems, as well as to dox Israeli Defense Forces and government employees, threaten a Hasidic Jewish community, and email death threats to Iranian dissidents including at least one person in the United States while invoking a Mexican cartel and offering a bounty. Another seized site tied to Homeland Justice allegedly hosted data from a 2022 cyberattack on Albania’s government, with the FBI saying an undercover agent bought a trove of stolen Albanian ID card data from a representative of the group. The takedown underscores how Iranian services are blending cyber intrusions, intimidation of exiles and information operations while U.S. officials quietly expand wartime cyber activity against Iran, and it highlights the limits of simply knocking domains offline when state‑backed actors can quickly reconstitute their infrastructure.