March 19, 2026 / 11:26 PM EDT / CBS News
The Justice Department says it shut down four websites allegedly used by Iran-linked groups to post hacked material, claim responsibility for cyberattacks and threaten regime critics. The action comes amid concerns that the U.S.-Israel war with Iran could spill into broader cyberattacks; an IRGC-linked news agency has warned American tech companies they could be targeted, and one of the groups the DOJ targeted appeared to claim a recent hack of a Michigan medical technology firm.
U.S. military officials have said cyber operations helped degrade Iran’s communications early in the conflict. In filings, the FBI identified three alleged hacking groups whose names corresponded to the seized sites: Handala, Homeland Justice and Karma Below. The agency said those groups are run by Iran’s Ministry of Intelligence and Security and use similar tactics, including custom-built malware.
The DOJ described the four sites as pillars of Iranian government-sponsored “hacking and transnational repression schemes” and as tools for “attempted psychological operations targeting adversaries of the regime.” The Handala-linked sites were allegedly used to claim a destructive malware attack against a U.S.-based multinational medical technologies company. While the DOJ did not name the firm, medical device maker Stryker recently reported a cyberattack that caused global disruption; cybersecurity journalist Brian Krebs reported Handala appeared to claim responsibility, noting the strike was purportedly in retaliation for a deadly bombing of a girls’ school in Iran that early assessments linked to U.S. actions.
Stryker said the incident was limited to internal Microsoft systems and did not affect its products, including implants. CBS News has sought comment from the company.
According to the DOJ, Handala also used the seized sites to claim responsibility for an attack on members of a Hasidic Jewish community and to publish names and personal information of Israel Defense Forces and Israeli government employees, at times encouraging supporters of Iran to “respond” to IDF personnel. The group allegedly sent death threats earlier this month to Iranian dissidents and journalists, including at least one U.S.-based target. One message, disclosed by the DOJ, claimed Handala was “partners” with Mexico-based Jalisco New Generation Cartel and offered $250,000 for a target’s death.
A site tied to Homeland Justice was accused of taking credit for a high-profile 2022 hack of the Albanian government. The FBI said an undercover agent purchased a trove of stolen data from a Homeland Justice representative during the investigation, including Albanian ID cards seemingly linked to the 2022 incident.
” Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents,” FBI Director Kash Patel said in a DOJ statement. “We took down four of their operation’s pillars and we’re not done.”
U.S. authorities have long warned about the threat of Iranian state-sponsored hacking, and Iran has been tied to efforts to suppress dissidents in the U.S., including multiple foiled plots targeting Iranian-American journalist and regime critic Masih Alinejad. After the Stryker attack, former CISA Director Chris Krebs told CBS News it looked like “the cyber front of this conflict has officially opened,” noting the lines between groups like Handala and Iranian government organs are often indistinct and suggesting a broad, coordinated push by Iranian state, proxy and sympathetic actors against targets.