The Department of Justice said Thursday it had seized four internet domains accused of spreading Iranian government-backed “terrorist propaganda” as part of a broader effort to disrupt foreign cyber-related psychological operations targeting U.S. audiences.
Federal prosecutors said the websites were operated by individuals and entities tied to the Islamic Republic of Iran’s Ministry of Intelligence and Security and were used to disseminate disinformation, amplify pro-Iranian narratives, and undermine confidence in U.S. institutions.
The domains have been taken offline and now display FBI-controlled seizure notices.
Officials described the action as part of a campaign to counter Tehran’s expanding use of cyber tools to influence public opinion abroad, particularly during periods of heightened geopolitical tension.
“Iran, the leading state sponsor of terrorism worldwide, used the seized domains to dox and harass dissidents and journalists, incite violence against Jewish communities, and spread Tehran’s anti-American propaganda,” Assistant Attorney General for National Security John A. Eisenberg said.
Attorney General Pam Bondi said the information displayed on the seized websites “can incite real-world violence.”
The seized domains include Justicehomeland.org, Handala-Hack.to, Karmabelow80.org, and Handala-Redwanted.to, and posed as independent news outlets or advocacy platforms but were in fact directed by Iranian actors conducting coordinated operations.
The sites allegedly pushed messaging aligned with Iranian government interests, including content designed to inflame political divisions in the United States and shape perceptions of U.S. foreign policy.
The takedown comes amid growing concern in the U.S. about Iran’s use of cyberattacks and online propaganda in tandem, particularly following a recent cyber incident involving medical device maker Stryker.
A hacking group linked to Iran claimed responsibility for a disruptive cyberattack on the Michigan-based company, which temporarily affected its global network and internal systems.
Handala-Hack.to was used to claim responsibility for the attack, which reportedly wiped data from thousands of devices, highlighting the increasing willingness of Iranian-linked actors to target U.S. infrastructure.
While Stryker said it had contained the disruption and found no evidence of malware affecting patient services, cybersecurity experts warned the incident marked a possible escalation in tactics, combining operational disruptions with broader messaging campaigns.
The DOJ alleges that Handala Hack, through its domains, had published personally identifiable information about the Israeli military and government.
Handala Hack allegedly posted the names of Israeli military personnel and urged “people of the Axis of Resistance! See these names and respond to these Zionist pigs yourselves.”
FRENCH OFFICER EXPOSES AIRCRAFT CARRIER LOCATION AFTER POSTING WORKOUT ON FITNESS APP
Additionally, the group claimed to have stolen hundreds of gigabytes of confidential data from members of the Sanzer Hasidic Jewish community, including “documents of financial cooperation, witchcraft ceremonies, and secret correspondences with [Benjamin] Netanyahu.”
The FBI Baltimore Field Office is investigating the case in coordination with the FBI Cyber Division as the DOJ moves forward with the prosecution.
