U.S. Justice Department Seizes Four Iranian Government-Linked Cyberattack Domains Amid Rising Middle East Tensions

Key takeaways:

  • The U.S. Department of Justice seized four internet domains linked to Iranian government-backed hacking groups involved in cyberattacks, data theft, and intimidation of dissidents, including Handala, Homeland Justice, and Karma Below.
  • These groups have conducted high-profile cyberattacks, such as the recent intrusion into a U.S. medical technology company (likely Stryker), and have targeted dissidents with death threats and personal data leaks, sometimes collaborating with criminal organizations.
  • The seizures occur amid escalating regional tensions following U.S. and Israeli military actions against Iran, with Iranian cyber operations described as coordinated efforts involving military and intelligence agencies targeting U.S. and allied interests.

The U.S. Department of Justice announced on Thursday that it has seized four internet domains linked to Iranian government-backed groups engaged in cyberattacks and transnational repression. The domains—Justicehomeland.org, Handala-Hack.to, Karmabelow80.org, and Handala-Redwanted.to—were reportedly used by hacking groups affiliated with Iran’s Ministry of Intelligence and Security to claim responsibility for cyber intrusions, post stolen data, and threaten dissidents. The Justice Department described these websites as key components of Iranian-sponsored operations aimed at psychological warfare and intimidation of regime critics.

Among the groups identified by the Justice Department are Handala, Homeland Justice, and Karma Below, all of which allegedly employ custom-built malware and share operational tactics. The Handala group, in particular, has been linked to a recent cyberattack on a U.S.-based multinational medical technology company. While the Justice Department did not name the firm, cybersecurity experts and media reports have connected the incident to Stryker, which disclosed last week that a cyberattack had caused global disruption to its internal Microsoft systems. Stryker emphasized that its medical products were not affected. Handala has also claimed responsibility for hacking members of a Hasidic Jewish community and disseminating personal information of Israeli Defense Forces personnel and government employees.

The Justice Department further revealed that Handala sent death threats to Iranian dissidents and journalists, including at least one individual residing in the United States. One message purportedly offered a $250,000 bounty for the death of a dissident and claimed a partnership with the Mexico-based Jalisco New Generation Cartel. Homeland Justice was linked to a high-profile 2022 cyberattack against the Albanian government, with the FBI obtaining stolen Albanian ID cards as part of its investigation. FBI Director Kash Patel stated, “Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents. We took down four of their operation’s pillars and we’re not done.”

The seizures come amid escalating tensions following the U.S. and Israel’s air assault on Iran that began on February 28. Since then, Iran has retaliated with missile and drone attacks on U.S. military bases, consulates, and Israeli targets across the Middle East. The conflict has resulted in more than 2,000 deaths across the region, including over 1,200 in Iran, according to the Iranian Red Crescent Society. The cyber front of the conflict appears to have intensified, with experts noting that Iran’s hacking groups operate with close ties to the government and military intelligence. Former Cybersecurity and Infrastructure Security Agency Director Chris Krebs described the Iranian cyber operations as an “all-hands-on-deck approach,” involving military, intelligence, proxies, and sympathizers targeting adversaries. FBI officials emphasized their commitment to proactively countering Iranian cyber threats to U.S. national and economic security.
