The Department of Justice (DOJ) seized four domains linked to Iran’s Ministry of Intelligence and Security (MOIS) as part of an ongoing effort to disrupt the Iranian agency’s hacking and transnational repression schemes, the department said in a March 19 statement.
The seized domains—Justicehomeland.org, Handala-Hack.to, Karmabelow80.org, and Handala-Redwanted.to—were used by MOIS for “psychological operations targeting adversaries of the regime by claiming credit for hacking activity, posting sensitive data stolen during such hacks, and calling for the killing of journalists, regime dissidents, and Israeli persons,” DOJ said.
After the U.S.–Iran conflict began on Feb. 28, some of the MOIS-controlled domains published personally identifiable information associated with targeted individuals.
These include posting the names and sensitive information of people associated with the Israel Defense Forces or the Israeli government, and a malware attack against a multinational medical technologies company in the United States. Handala Hack said it had stolen 851 gigabytes of confidential data from members of the Sanzer Hasidic Jewish community.
The FBI also found that one of the domains emailed death threats to Iranian dissidents and journalists living in the United States and other nations. In these emails, they openly called for Mexican cartel “partners” to commit acts of violence against certain targets and offered bounties.
“Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents.” FBI Director Kash Patel said.
“We took down four of their operation’s pillars, and we’re not done. This FBI will hunt down every actor behind these cowardly death threats and cyberattacks and will bring the full force of American law enforcement down on them.”
Last year, in mid-June, Israel launched surprise attacks against Iran’s nuclear program, which resulted in the deaths of the country’s top military officials. This was followed by the United States bombing three Iranian nuclear facilities.
On June 30, 2025, the FBI and three other agencies warned that critical infrastructure operators should be aware of potential Iranian cyberattacks.
“Defense Industrial Base companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk,” the agencies said in the warning.
The agencies had urged operators “to learn more about the Iranian state-backed cyber threat and actionable mitigations to harden cyber defenses.”
According to the Annual Threat Assessment of the U.S. Intelligence Community report published by the Office of the Director of National Intelligence on March 18, Iran and Iranian-aligned terrorist actors have been severely degraded by U.S. and Israeli strikes in the region.
“Nevertheless, these groups remain capable of asymmetrically attacking U.S. interests and our allies in the Middle East, and continue to spread Islamist propaganda to incite terrorist acts,” the report states.
On the cyber front, Iran continues to pose a threat to U.S. networks and critical infrastructure in the form of cyber espionage and cyber attacks. This includes attacks originating from Iranian proxies and hacktivists outside of Iran.
The report noted that if the Iranian regime survives Operation Epic Fury, the latest attack on the country, “Tehran almost certainly will seek to exact revenge for the death of Supreme Leader Ayatollah Ali Khamenei; it still maintains its long-term strategic intent to avenge the death of former IRGC-QF Commander Qasem Soleimani by targeting current and former U.S. officials.”
Regarding the latest internet domain capture by the DOJ, the State Department is offering a reward of up to $10 million for information on any entity under the control of a foreign government that engages in malicious cyber activities against U.S. critical infrastructure, the DOJ said.
Friends Read Free
Copy
Facebook
Tweet
