FBI seizes 4 Iranian-linked cyberwarfare domains targeting US and allies following death threats
The Federal Bureau of Investigation announced on Thursday that it had shut down four Iranian-linked domains engaged in cyberwarfare against the United States and its allies.
The U.S. Department of Justice (DOJ) stated in a press release that the raid had targeted “hacking and transnational repression schemes,” which included “claiming credit for hacking activity, posting sensitive data stolen during such hacks, and calling for the killing of journalists, regime dissidents, and Israeli persons.”
“Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents,” FBI Director Kash Patel said. “We took down four of their operation’s pillars and we’re not done. This FBI will hunt down every actor behind these cowardly death threats and cyberattacks and will bring the full force of American law enforcement down on them,” he vowed.
U.S. Attorney General Pam Bondi hailed the action as necessary to boost national security.
“Terrorist propaganda online can incite real-world violence. Thanks to our National Security Division and the US Attorney’s Office for the District of Maryland, this network of Iranian-backed sites will no longer broadcast anti-American hate,” Bondi stated.
The DOJ release explained that the Tehran‑linked domains were connected through “shared leak sites,” distinctive IP addresses, and a common operational playbook that included “destructive and disruptive cyber‑attacks; and ‘faketivist’ psychological operations using data stolen via hacking.”
One of the domains that was taken down, Handala, was reportedly behind multiple cyberattacks against the U.S. and Israel. The extremist organization reportedly sent death threats to journalists and Iranian regime critics abroad and also offered a bounty of $250,000 to anyone willing to behead two of the potential victims.
Earlier in March, Handala targeted the U.S. medical device producer Stryker Corporation in a cyber-attack that reportedly led to a “global network disruption” across the company’s Microsoft systems.
In February, Handala said it had hacked patient data at Clalit, one of Israel’s largest healthcare providers. In an official statement, the group justified the attack as a response to what it called the “ongoing cyber assaults against the infrastructure of the Axis of Resistance,” a reference to Iran and its allied militant networks.
The ayatollah regime in Tehran recently threatened to target leading American tech companies, including Microsoft, Google and Amazon, amid the ongoing Iran war. Iran’s Tasnim news agency and the Islamic Revolutionary Guard Corps (IRGC) said U.S. tech giants are “legitimate targets.”
“As the regional war expands into an infrastructure war, the scope of Iran’s legitimate targets gradually broadens,” Tasnim stated.
Earlier this month, Israel’s National Cyber Directorate (INCD) warned that Iran attempted to hack hundreds of thousands of security cameras across the country, urging businesses and individuals to strengthen their camera security.
“Owners of security cameras must ensure they cannot be accessed directly from the internet, immediately change default passwords, update security versions and limit their exposure to public areas. These days, an unsecured connection is not only a privacy risk but a security risk, and it requires responsible technological conduct,” the INCD stated.
The All Israel News Staff is a team of journalists in Israel.