The Justice Department announced on Mar. 19 the seizure of four internet domains allegedly used by Iran’s Ministry of Intelligence and Security (MOIS) to conduct hacking and psychological operations against regime adversaries, including journalists, dissidents, and Israeli individuals. The seized domains—Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, and Handala-Redwanted[.]to—were reportedly used to claim credit for cyberattacks, post stolen sensitive data, and issue threats.
Officials say the operation is part of ongoing efforts to disrupt transnational repression schemes that use online platforms to incite violence and intimidate critics of the Iranian government. According to the Justice Department, one domain was used in March 2026 to claim responsibility for a destructive malware attack against a U.S.-based multinational medical technologies firm.
Attorney General Pamela Bondi said, “Terrorist propaganda online can incite real-world violence — thanks to our National Security Division and the U.S. Attorney’s Office for the District of Maryland, this network of Iranian-backed sites will no longer broadcast anti-American hate. Our cyber assets will remain ever-vigilant to root out and deactivate networks that pose a threat to American citizens.”
FBI Director Kash Patel said, “Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents. We took down four of their operation’s pillars and we’re not done. This FBI will hunt down every actor behind these cowardly death threats and cyberattacks and will bring the full force of American law enforcement down on them.”
Assistant Attorney General for National Security John A. Eisenberg added, “Iran, the leading state sponsor of terrorism worldwide, used the seized domains to dox and harass dissidents and journalists, incite violence against Jewish communities, and spread Tehran’s anti-American propaganda. NSD is committed to dismantling Iran’s cyberwarfare infrastructure and detecting and preventing Iran’s cyber-enabled terrorism.”
U.S. Attorney for the District of Maryland Kelly O. Hayes said her office is committed to working with law enforcement partners “to identify threats, shut them down, and hold bad actors accountable.” She continued: “We will not hesitate to use all our resources and available tools to do whatever is necessary to ensure the safety and security of our nation.”
The FBI investigation found that these domains were connected through shared leak sites, Iranian IP addresses, and common operational tactics involving destructive attacks as well as psychological operations using stolen data.
Court documents allege that after conflict escalated between the United States and Iran in late February 2026, MOIS-controlled domains published personal information about targeted individuals—including members or employees associated with Israel—and issued direct threats indicating surveillance.
In addition to public postings on these sites threatening individuals critical of Iran’s regime or associated with Jewish communities abroad, investigators say email accounts linked to these operations sent death threats offering bounties for acts of violence against specific targets in both the United States and other countries.
The Justicehomeland[.]org domain was also reportedly used by MOIS actors in 2022 when it claimed responsibility for stealing sensitive documents from Albanian government organizations following Albania's support for an Iranian dissident group.
The State Department’s Rewards for Justice program is offering up to $10 million for information about foreign-directed malicious cyber activities targeting U.S. critical infrastructure.
The FBI Baltimore Field Office led this investigation alongside its Cyber Division; prosecution is being handled by federal attorneys from Maryland as well as national security prosecutors.
