DOJ Shuts Down Websites Spreading Iranian Propaganda, Threatening Dissidents

U.S. Justice Department Shutters Iranian Hacking Websites Amid Rising Cyber Tensions

The Justice Department has taken down four websites allegedly operated by Iranian government-linked groups that were used to post hacked information and threaten critics of the Tehran regime, officials announced Thursday.

The action comes at a particularly sensitive moment as concerns mount that the military conflict between the U.S. and Israel against Iran could expand into the digital realm. A news agency affiliated with Iran’s Revolutionary Guards has recently issued threats against American technology companies, suggesting they could become targets in the escalating conflict.

One of the Iranian-linked groups targeted in the Justice Department operation appeared to take credit for a cyberattack on Michigan-based medical technology company Stryker last week, according to cybersecurity experts. Meanwhile, U.S. military officials have acknowledged that cyber operations played a role in degrading Iranian communications capabilities in the early phases of the conflict.

The websites shut down by federal authorities were associated with three distinct hacking groups: Handala, Homeland Justice, and Karma Below. FBI investigators detailed in court documents that all three groups operate under Iran’s Ministry of Intelligence and Security, employing similar tactics that include the use of “custom-built malware” for their operations.

“These sites were used for Iranian government-sponsored hacking and transnational repression schemes,” the Justice Department stated, adding that they also facilitated “attempted psychological operations targeting adversaries of the regime.”

The Handala group’s websites were allegedly used to claim responsibility for “a destructive malware attack against a U.S.-based multinational medical technologies firm,” which cybersecurity expert Brian Krebs identified as Stryker. The company reported a cyberattack last week that caused “global disruption” to its operations. The attack was reportedly framed as retaliation for a deadly bombing at a girls’ school in Iran, which early assessments suggest may have involved U.S. responsibility.

Stryker has stated that the hack was limited to its internal Microsoft systems and did not impact any of its medical products or implants.

According to the Justice Department, Handala also used the now-seized websites to take credit for hacking members of a Hasidic Jewish community and to publish names and personal information of Israel Defense Forces personnel and Israeli government employees. In some instances, the group allegedly encouraged supporters of Iran to “respond” to the identified IDF personnel.

More alarmingly, Handala was accused of emailing death threats to Iranian dissidents and journalists, including at least one living in the United States. One message disclosed by authorities claimed Handala had formed a partnership with Mexico’s notorious Jalisco New Generation Cartel and offered a $250,000 bounty for the target’s death.

Another website connected to the Homeland Justice group was allegedly used to claim responsibility for a high-profile 2022 cyberattack against the Albanian government. As part of its investigation, the FBI revealed that an undercover agent purchased stolen data from a Homeland Justice representative, including Albanian identification cards apparently connected to the 2022 incident.

“Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents,” FBI Director Kash Patel said in a statement. “We took down four of their operation’s pillars and we’re not done.”

U.S. intelligence and security agencies have long warned about Iranian state-sponsored hacking capabilities. The regime has also been linked to multiple plots targeting dissidents on American soil, including thwarted attempts to kidnap or murder Iranian-American journalist and regime critic Masih Alinejad, who contributes to CBS News.

The targeting of Stryker last week appears to signal a new phase in the conflict, according to former Cybersecurity and Infrastructure Security Agency Director Chris Krebs, who told CBS News that “the cyber front of this conflict has officially opened.”

Krebs, now a CBS News contributor, noted that the distinction between groups like Handala and the Iranian government is “really blurry,” describing Iran’s approach as “almost an all-hands-on-deck” strategy where military, intelligence services, contractors, hacktivists, and sympathizers are all targeting potential victims.

As tensions continue to escalate between Washington and Tehran, cybersecurity experts warn that critical infrastructure, healthcare organizations, and financial institutions should remain on high alert for potential Iranian-backed cyber operations.