Iran’s Digital Terror Playbook Exposed As DOJ Just Took Out Key Pieces

In a major escalation against foreign cyber threats, the Department of Justice on Thursday announced the seizure of four web domains allegedly used by the Islamic Republic of Iran’s Ministry of Intelligence and Security (MOIS) to facilitate psychological operations, destructive hacking, and what officials described as “transnational repression.”

The targeted websites — Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, and Handala-Redwanted[.]to—allegedly served as the digital infrastructure for so-called “faketivist” groups that U.S. officials say operated as fronts for the Iranian government.

According to court documents, these sites were used to leak stolen data, dox dissidents, and incite violence against American citizens, journalists, and Israeli officials.

Attorney General Pamela Bondi characterized the move as a vital strike against state-sponsored extremism.

“Terrorist propaganda online can incite real-world violence,” Bondi said. “This network of Iranian-backed sites will no longer broadcast anti-American hate.”

The investigation, led by the FBI’s Baltimore Field Office, outlined what officials described as a coordinated Iranian cyber warfare “playbook.”

Authorities say operatives used the “Handala Hack” persona to claim responsibility for a March 2026 malware attack targeting a U.S.-based medical technology firm. The same network allegedly published the private information of nearly 190 individuals linked to the Israel Defense Forces, accompanied by warnings that their homes were under surveillance.

Perhaps most alarming were the “death threats” delivered via email accounts linked to the seized domains. Investigators uncovered messages sent to Iranian dissidents in the United States and abroad, claiming the regime had partnered with the Jalisco New Generation Cartel (CJNG) to carry out assassinations.

One email offered a $250,000 bounty for the beheading of two targets, declaring, “Our partners… in America and Canada have been given a list of our enemies.”

FBI Director Kash Patel said the operation disrupted a broader intimidation campaign.

“Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans,” Patel said. “We took down four of their operation’s pillars and we’re not done. This FBI will hunt down every actor behind these cowardly death threats.”

The seizure also highlights Iran’s efforts to punish international adversaries. The Justice Department noted that the domain Justicehomeland[.]org was used to leak sensitive Albanian government documents in apparent retaliation for Albania’s support of the Iranian dissident group Mojahedin-e-Khalq (MEK).

Assistant Attorney General for National Security John A. Eisenberg reaffirmed the government’s commitment to dismantling Tehran’s cyber infrastructure, describing Iran as “the leading state sponsor of terrorism worldwide.”

In conjunction with the seizures, the State Department’s Rewards for Justice program is offering up to $10 million for information leading to the identification of foreign actors engaged in malicious cyber activities against U.S. critical infrastructure.