March 19, 2026 — The Justice Department says it took down four websites that federal authorities allege were operated by Iran-linked actors to publish stolen data, claim cyberattacks and intimidate critics. The move comes amid escalating cyber tensions tied to the U.S.-Israel conflict with Iran, after an IRGC-affiliated news outlet warned American tech firms they could be targets.
In court filings, the FBI named three purported hacking groups associated with the seized domains: Handala, Homeland Justice and Karma Below. The agency alleges the groups are controlled by Iran’s Ministry of Intelligence and Security and frequently deploy bespoke malware and similar tradecraft.
The DOJ characterized the four sites as central components of Iran-backed “hacking and transnational repression schemes” and said they were used for psychological operations aimed at regime opponents. Prosecutors allege Handala used its sites to claim responsibility for a destructive malware intrusion at a U.S.-based multinational medical technology company. While the DOJ did not identify the victim, medical-device maker Stryker recently disclosed a cyber incident that disrupted some global systems; cybersecurity reporter Brian Krebs noted Handala appeared to claim that strike, saying it was framed as retaliation for a deadly school bombing in Iran.
Stryker has maintained the incident was confined to internal Microsoft systems and did not compromise its products or implants. CBS News has reached out to the company for comment.
According to the DOJ, Handala also took credit on the seized platforms for an attack targeting members of a Hasidic Jewish community and published names and personal details of Israel Defense Forces and Israeli government employees, at times urging supporters to “respond” to IDF personnel. The group allegedly sent death threats this month to Iranian dissidents and journalists, including at least one person based in the United States. In one posted message, Handala claimed a partnership with Mexico’s Jalisco New Generation Cartel and offered $250,000 for killing a named target, the filings say.
The site linked to Homeland Justice was accused of claiming responsibility for a high-profile 2022 breach of Albania’s government. The FBI said an undercover agent purchased stolen data from a Homeland Justice representative during the probe, including Albanian identity cards that appear connected to the 2022 incident.
“They thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents,” FBI Director Kash Patel said in a Justice Department statement. “We took down four of their operation’s pillars — and we’re not done.”
U.S. officials have long warned about Iranian state-backed cyber activity, and Tehran has been tied to efforts to intimidate and silence opponents abroad, including multiple foiled plots against Iranian-American journalist Masih Alinejad. After the Stryker-related incident surfaced, former CISA Director Chris Krebs told CBS News the event suggested the cyber dimension of the conflict is widening. He added that distinctions between groups like Handala and official Iranian security organs are often murky, and that state, proxy and sympathetic actors may be coordinating a broader campaign against perceived adversaries.
The DOJ action is intended to disrupt the web presence used to distribute hacked material and coordinate harassment. The investigation is ongoing as authorities continue to trace the groups’ activities and links to Iranian government entities.