2026年3月19日 / 美国东部时间晚上11:26 / 哥伦比亚广播公司新闻
美国司法部表示,已关闭四个网站,这些网站据称被与伊朗政府有关联的团体用于发布黑客获取的信息以及威胁政权批评者。
此举发生之际,人们担心美国和以色列对伊朗的战争可能会扩大到网络攻击。一家与伊朗伊斯兰革命卫队有关联的通讯社威胁美国科技公司称它们可能成为目标,而司法部针对的一个与伊朗有关联的团体似乎宣称对上周密歇根州一家医疗科技公司遭受的黑客攻击负责。
与此同时,美国军方官员表示,在战争初期,网络行动帮助削弱了伊朗的通信能力。
司法部关闭的网站名称对应三个不同的涉嫌黑客组织:Handala(汉达拉)、Homeland Justice(国土正义)和Karma Below(下方业力)。联邦调查局在法庭文件中称,这三个组织均由伊朗情报和安全部运营,并且使用包括“定制恶意软件”在内的类似策略。
司法部称,这四个网站被用于伊朗政府资助的“黑客攻击和跨国镇压计划”,以及“针对政权反对者的企图心理战”。
例如,Handala网站据称被用于宣称对“针对美国一家跨国医疗科技公司的破坏性恶意软件攻击”负责。
司法部没有指明这家公司,但上周,医疗科技公司史赛克(Stryker)报告称遭遇网络攻击,导致“全球中断”。网络安全专家布赖恩·克雷布斯(Brian Krebs)上周在博客文章中写道,Handala似乎声称对此次事件负责,表面上是为了报复伊朗一所女子学校发生的致命爆炸事件,初步评估称美国可能与此有关。
史赛克公司表示,此次黑客攻击仅限于其内部微软系统,并未影响其任何产品,包括医疗植入物。哥伦比亚广播公司新闻已联系该公司寻求置评。
司法部称,Handala还在最近几周使用被查封的网站宣称对针对哈西德犹太社区成员的黑客攻击负责,并分享以色列国防军和以色列政府雇员的姓名及个人信息。该组织据称曾一度鼓励伊朗支持者“回应”以色列国防军人员。
司法部还称,Handala本月早些时候向伊朗异见人士和记者发送死亡威胁电子邮件,其中至少有一人住在美国。司法部披露的一条据称是该组织发送的信息称,Handala是总部位于墨西哥的哈利斯科新一代卡特尔(Jalisco New Generation Cartel)的“合作伙伴”,并悬赏25万美元取目标性命。
司法部称,另一个被关闭的网站与Homeland Justice有关联,据称被用于宣称对2022年针对阿尔巴尼亚政府的备受关注的黑客攻击负责。
联邦调查局在法庭文件中称,作为调查的一部分,一名卧底特工从Homeland Justice一名代表手中购买了一批被盗数据,其中包括与2022年事件相关的阿尔巴尼亚身份证。
“伊朗以为他们可以躲在虚假网站和键盘威胁后面恐吓美国人并压制异见人士,”联邦调查局局长卡什·帕特尔(Kash Patel)周四在一份声明中表示,“我们摧毁了他们行动的四个支柱,我们不会就此止步。”
美国当局长期以来一直警告伊朗国家支持的黑客攻击风险。多年来,伊朗一直被指控试图压制美国境内的异见人士,包括多起企图绑架或谋杀伊朗裔美国记者、政权批评者马西·阿林贾德(Masih Alinejad)的未遂阴谋,阿林贾德是哥伦比亚广播公司新闻的撰稿人。
但当史赛克公司在上周美国对伊朗战争爆发后遭到网络攻击时,前网络安全和基础设施安全局局长克里斯·克雷布斯(Chris Krebs)告诉哥伦比亚广播公司新闻,“这场冲突的网络战前线已经正式拉开帷幕。”
克雷布斯(Krebs)是哥伦比亚广播公司新闻的撰稿人,他在上周的《哥伦比亚广播公司早间新闻》中表示,Handala与伊朗政府之间的界限“确实模糊不清”。
“伊朗几乎是‘全员出击’,”他说,“所以他们所有的团体,无论是否直接隶属于军方、情报部门,还是他们的代理机构、承包商、黑客活动分子、同情者,无论你怎么称呼他们——他们都在寻找目标。”
DOJ says it shut down websites that spread Iranian propaganda, threatened dissidents and took credit for hacks
March 19, 2026 / 11:26 PM EDT / CBS News
The Justice Department says it has shuttered four websites that were allegedly used by Iranian government-linked groups to post hacked information and threaten regime critics.
The move comes amid fears that the U.S. and Israel’s war with Iran could expand into cyberattacks. A news agency linked to the Iranian Revolutionary Guards has threatened American tech companies that they could be targets, and one of the Iran-linked groups targeted by the Justice Department appeared to take credit for a hack on a Michigan medical technology company last week.
Meanwhile, U.S. military officials have said cyber operations helped to degrade Iran’s communications in the early hours of the war.
The websites that were shut down by the Justice Department had names that corresponded to three different alleged hacking groups: Handala, Homeland Justice and Karma Below. In court papers, the FBI said all three groups are run by Iran’s Ministry of Intelligence and Security, and they use similar tactics, including “custom-built malware.”
The Justice Department says the four sites were used for Iranian government-sponsored “hacking and transnational repression schemes,” and for “attempted psychological operations targeting adversaries of the regime.”
For example, the Handala sites were allegedly used to take credit for “a destructive malware attack against a U.S.-based multinational medical technologies firm.”
The Justice Department didn’t identify that firm, but last week, medical technology company Stryker reported a cyberattack that caused “global disruption.” Cybersecurity expert Brian Krebs wrote in a blog post last week that Handala appeared to claim responsibility for the incident, which was ostensibly in retaliation for a deadly bombing of a girls’ school in Iran that early assessments say the U.S. may have been responsible for.
Stryker said the hack was limited to its internal Microsoft systems and did not affect any of its products, including its medical implants. CBS News has reached out to the company for comment.
Handala has also allegedly used the seized websites in recent weeks to take credit for a hack against members of a Hasidic Jewish community, and to share names and personal information for Israel Defense Forces and Israeli government employees, the Justice Department said. At one point, the group allegedly encouraged supporters of Iran to “respond” to the IDF personnel, the Justice Department said.
And Handala was accused of emailing death threats earlier this month to Iranian dissidents and journalists, at least one of whom lived in the United States, the Justice Department said. One alleged message that was disclosed by the Justice Department claimed Handala was “partners” with the Mexico-based Jalisco New Generation Cartel and offered a $250,000 reward for the target’s death.
One of the other shuttered websites was associated with Homeland Justice and was allegedly used to take credit for a highly publicized 2022 hack against the Albanian government, the DOJ said.
The FBI said in court papers that as part of its investigation, an undercover agent bought a trove of stolen data from a representative of Homeland Justice, including Albanian ID cards that appeared related to the 2022 incident.
“Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents,” FBI Director Kash Patel said in a statement Thursday. “We took down four of their operation’s pillars and we’re not done.”
U.S. authorities have long warned about the risk of Iranian state-sponsored hacking. And Iran has been linked to attempts to suppress dissidents in the U.S. for years, including multiple thwarted plots to kidnap or murder Iranian-American journalist and regime critic Masih Alinejad, a CBS News contributor.
But when Stryker was targeted in a cyberattack last week, following the start of the U.S.-Iran war, former Cybersecurity and Infrastructure Security Agency Director Chris Krebs told CBS News it appeared that “the cyber front of this conflict has officially opened.”
Krebs, a CBS News contributor, said on “CBS Mornings” last week that the line between Handala and the Iranian government is “really blurry.”
“It’s almost an all-hands-on-deck approach by Iran,” he said. “So all of their groups, whether they’re directly related to the military, the intelligence services or their proxies, contractors, hacktivists, sympathizers, whatever you want to call them — they’re all going for targets.”
发表回复