By Pishtaz | 2026-04-02

The Federal Bureau of Investigation (FBI) seized multiple websites tied to an Iranian cyber operation following coordinated action announced by the US Department of Justice.

According to the Department of Justice, the operation disrupted infrastructure used for cyber-enabled psychological campaigns and hacking activities.

The seized domains were linked to actors associated with Islamic Republic's Ministry of Intelligence and Security, indicating direct involvement of a state intelligence apparatus.

"Terrorist propaganda online can incite real-world violence — thanks to our National Security Division and the U.S. Attorney’s Office for the District of Maryland, this network of Iranian-backed sites will no longer broadcast anti-American hate," said Attorney General Pamela Bondi, according to a statement by the Justice Department.

Officials said these platforms were used to conduct cyber intrusions, spread intimidation, and amplify messaging designed to influence and destabilize targeted audiences.

The seizure, conducted with international partners, forms part of broader efforts to counter increasingly aggressive cyber operations attributed to Iranian state-aligned groups.

Targeting civilian healthcare

Security analysts have linked the Handala group to escalating cyber activities, with recent operations focusing heavily on healthcare systems and medical infrastructure.

Experts warn these attacks signal a dangerous strategic shift toward targeting civilian sectors rather than limiting operations to government or military systems.

The regime-linked actors increasingly target hospitals, medical suppliers, and healthcare technology companies, exposing critical services to disruption and widespread operational risk.

The attack on Stryker Corporation reflects this trend, targeting a global provider of medical technologies essential for patient care and hospital operations worldwide.

By targeting such infrastructure, attackers risk interrupting vital medical services that patients rely on for surgeries, emergency treatment, and ongoing healthcare needs.

These disruptions could create cascading consequences across healthcare systems, affecting clinical operations and compromising timely delivery of essential treatments.

Humanitarian concerns

The use of domains highlights how these actors exploit digital infrastructure to coordinate attacks and amplify operational reach across networks.

By hijacking or repurposing domains, they obscure attribution, distribute malicious tools, and maintain communication channels with affiliates conducting cyber operations globally.

International norms and laws of armed conflict prohibit targeting civilian infrastructure, particularly medical systems, which are protected under established humanitarian principles.

Organizations such as the International Committee of the Red Cross (ICRC) have warned that cyberattacks on healthcare systems violate fundamental protections for civilian life.

Despite these norms, Iranian-linked cyber actors appear increasingly willing to target protected sectors, demonstrating disregard for humanitarian standards and civilian safety.

Targeting medical workers and healthcare systems shows willingness to inflict indiscriminate harm, as such attacks can delay care and endanger vulnerable patients.

Cyberattacks on hospitals and suppliers compromise patient data, disrupt treatments, and blur distinctions between cyber warfare and direct harm to civilian populations.

Rather than engaging in conventional military conflict, the Islamic Republic increasingly relies on cyber capabilities to target essential non-combatant services and infrastructure.