U.S. Justice Department seizes domains linked to Tehran’s intelligence apparatus, exposing a broader campaign of intimidation, propaganda, and transnational repression
The United States has taken a decisive step against the Iranian regime’s expanding cyber warfare strategy, announcing the seizure of four domains linked to covert psychological operations and transnational repression campaigns orchestrated by Tehran’s intelligence apparatus.
According to the U.S. Department of Justice, the operation targeted websites used by Iran’s Ministry of Intelligence and Security (MOIS) to conduct hacking activities, disseminate propaganda, and threaten regime opponents across borders. The domains—Justicehomeland.org, Handala-Hack.to, Karmabelow80.org, and Handala-Redwanted.to—were integral to a coordinated effort to intimidate dissidents, incite violence, and manipulate public perception.
At the core of the operation was a network designed not only to claim responsibility for cyberattacks but also to weaponize stolen data. U.S. investigators revealed that these platforms published sensitive personal information, including addresses and identities of targeted individuals, while issuing explicit calls for violence against journalists, Iranian dissidents, and Israeli nationals.
American officials framed the takedown as part of a broader effort to counter Iran’s use of cyberspace as an tool for authoritarian control beyond its borders. Attorney General Pamela Bondi warned that online propaganda tied to Tehran has the potential to incite real-world violence, emphasizing that U.S. authorities remain vigilant in dismantling such networks.
Similarly, FBI Director Kash Patel underscored that Iran’s reliance on anonymous digital platforms would not shield it from accountability. He described the seized domains as key pillars of a broader intimidation campaign targeting critics of the regime.
The investigation uncovered a structured operational “playbook” behind these activities. This included destructive cyberattacks, coordinated disinformation campaigns, and so-called “faketivist” operations—where state-backed actors pose as independent hacktivist groups to obscure attribution and amplify psychological impact.
One of the most alarming aspects of the campaign involved the “Handala Hack” persona, which claimed responsibility for a destructive malware attack in March 2026 against a U.S.-based multinational medical technology company. The same network also published personal data of approximately 190 individuals linked to the Israeli military and government, accompanied by threats suggesting surveillance and imminent harm.
In addition to public data leaks, the network engaged in direct intimidation. Investigators found that operatives used email accounts associated with the domains to send death threats to Iranian dissidents and journalists living both in the United States and abroad. These messages included bounty offers and references to criminal organizations, signaling an escalation from digital harassment to potential physical violence.
The campaign also extended into Europe. Earlier operations linked to the same infrastructure targeted Albanian government institutions, reportedly in retaliation for Albania’s support of the Iranian opposition group Mujahedeen-e Khalq (MEK). This underscores a pattern in which Tehran leverages cyber tools not only for espionage but also for coercion against governments that host or support its opponents.
Assistant Attorney General for National Security John A. Eisenberg described Iran as the world’s leading state sponsor of terrorism, noting that its cyber operations are increasingly integrated into a broader strategy of repression and destabilization.
The seizure of these domains highlights a critical dimension of the Iranian regime’s strategy: the fusion of cyber capabilities with psychological warfare to silence dissent, both domestically and within the diaspora. By exposing identities, spreading fear, and inciting violence, Tehran aims to extend its reach far beyond its borders.
While the disruption marks a significant tactical victory, U.S. officials made clear that the broader campaign continues. As cyber-enabled repression becomes a central pillar of the regime’s survival strategy, countering these operations will remain a key front in the international response to Iran’s behavior.
The message from Washington is unambiguous: the digital battlefield is no longer a safe haven for state-sponsored intimidation, and those who weaponize it will increasingly face coordinated and persistent pushback.
The original announcement can be found here.
