Federal authorities have moved to seize a network of internet domains allegedly tied to an Iran-linked hacking operation accused of targeting government systems, private individuals, and critical infrastructure, according to a newly unsealed affidavit filed in U.S. District Court in Maryland.
The FBI affidavit identifies four domains — including justicefor... and handala-hack... — that investigators say were used by a coordinated cyber group operating under multiple aliases, including "Homeland Justice," "Handala Hack," and "Karma Below."
Authorities allege the sites were instrumental in cyber intrusions, data theft, and the public release of sensitive personal information.
According to the filing, the activity is linked to actors affiliated with Iran's Ministry of Intelligence and Security.
Investigators say the group has carried out a range of operations, including ransomware attacks, website defacements and so-called "doxing" campaigns targeting individuals and organizations viewed as adversaries.
The affidavit outlines a 2022 cyberattack on Albanian government systems that disrupted services and resulted in the theft of sensitive data, including communications involving national security matters.
U.S. investigators say the same actors later attempted to sell portions of that data through online channels.
In one instance cited in the document, an undercover FBI employee purchased a dataset in 2025 believed to contain personal information of Albanian citizens, including names, identification numbers, and other sensitive details.
Authorities also describe more recent incidents affecting the United States. In Maryland, a cyberattack attributed to the group disrupted hospital systems and impacted emergency communications, forcing some providers to rely on backup methods.
Investigators say the group used malware disguised as legitimate software to gain access to victims' computers and maintain persistent control over targeted systems.
In some cases, the hackers allegedly issued threats and published personal data to intimidate victims, including dissidents and individuals with ties to Israel.
Prosecutors argue the domains functioned as key infrastructure for the operation, hosting stolen data, amplifying threats, and coordinating activities.
Seizing them, authorities say, would disrupt ongoing criminal activity and prevent further dissemination of sensitive information.
The government is seeking forfeiture of the domains under federal laws governing computer fraud and property used in criminal activity. If approved, the domains would be redirected to servers controlled by law enforcement, effectively shutting down their current use.
Solange Reyner ✉
Solange Reyner is a writer and editor for Newsmax. She has more than 15 years in the journalism industry reporting and covering news, sports and politics.
© 2026 Newsmax. All rights reserved.