The Federal Bureau of Investigation (FBI) seized four domains linked to Iran’s cyberwarfare campaign against the US and its allies, the bureau announced on Thursday.
According to a Department of Justice (DOJ) press release, Iran’s Intelligence and Security Ministry (MOIS) used the domains to conduct “hacking and transnational repression schemes,” which included “claiming credit for hacking activity, posting sensitive data stolen during such hacks, and calling for the killing of journalists, regime dissidents, and Israeli persons.”
The DOJ, citing several such attacks, sought and obtained a court order to seize four domains used by the regime for nefarious purposes.
“Terrorist propaganda online can incite real-world violence. Thanks to our National Security Division and the US Attorney’s Office for the District of Maryland, this network of Iranian-backed sites will no longer broadcast anti-American hate,” Attorney General Pam Bondi said regarding the seizures.
According to the DOJ release, the domains were connected by “shared leak sites,” distinctive IP addresses, and their operational “playbook,” consisting of “destructive and disruptive cyber-attacks; and ‘faketivist’ psychological operations using data stolen via hacking.”
“Handala” group responsible for attacks and intimidation
Of the four domains seized, two are associated with Handala, an Iran-linked hacker organization that has claimed responsibility for numerous major cyberattacks against the US and Israel.
Last month, the group claimed to have breached Clalit, Israel’s largest healthcare provider, further claiming to have released data of more than 10,000 patients.
On March 11, American medical manufacturer Stryker fell victim to yet another cyberattack by Handala, resulting in a “global network disruption” across the company’s Microsoft systems, according to the company.
In a statement, Handala said the attack was a response to “ongoing cyber assaults against the infrastructure of the Axis of Resistance.” On Thursday, the company said the attack had likely been “contained” and that it had been in contact with governmental agencies.
The DOJ cited the Stryker case as one of the reasons for the domains’ seizure. Additionally, the DOJ pointed to earlier cyberattacks and threats against IDF soldiers and members of the Sanz Hasidic Jewish community as justification for seeking the court order.
According to the DOJ, the Handala group had sent death threats to Iranian dissidents and journalists in exile, and had called on the Jalisco New Generation Cartel to attack its targets, offering a bounty of $250,000 for the beheading of two such victims.
“Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents,” FBI Director Kash Patel said. “We took down four of their operation’s pillars and we’re not done. This FBI will hunt down every actor behind these cowardly death threats and cyberattacks and will bring the full force of American law enforcement down on them.”
Shir Perets contributed to this report.