Other
FBI Seizes Handala Iranian Leak Domains After Stryker Hack
Incident Details
In March 2026, US federal law enforcement seized four web domains associated with Handala’s Iranian online leak infrastructure, days after Handala published materials it claimed to have stolen during the Stryker Medical Intune MDM wiper attack (documented separately). Handala is an Iranian state-linked hacktivist group that operates as an information operations persona for Iran’s IRGC, conducting destructive cyberattacks and publishing stolen data for psychological effect and influence operations.

The seized domains were used by Handala to publish stolen documents, claim credit for attacks, and disseminate anti-Israel and anti-US propaganda. Domain seizures are a standard law enforcement tool for disrupting cybercriminal and state-sponsored actor online infrastructure under CISA and DOJ authorities.

The seizures follow a pattern of US government action to disrupt Iranian cyber-enabled influence operations. Previous similar actions have targeted Iranian IRGC-linked election interference infrastructure (2020) and Iranian media outlets involved in disinformation campaigns. The FBI’s Cyber Division coordinated with the DOJ National Security Division on the seizures.

Note: This record documents the law enforcement response; the underlying Stryker Medical attack is documented separately in data/other/2026-03_stryker-handala-intune-wiper.yaml.
Technical Details
- Initial Attack Vector: US federal law enforcement (FBI/DOJ) executed court-ordered domain seizures targeting four web domains used by Handala, an Iran-linked hacktivist group, for publishing stolen data and coordinating cyberattack claims
- Vendor / Product: Handala leak site infrastructure (Iranian IRGC-linked)
Timeline
- 2026-03-01 Breach occurred
- 2026-03-20 Publicly disclosed