US seizes Iranian government domains masked as legitimate news outlets

The web of domains was utilized to spread propaganda and disinformation.
Written by Charlie Osborne, Contributing Writer

US law enforcement has seized 92 domains used to spread propaganda and fake news by Iran's Islamic Revolutionary Guard Corps (IRGC). 

The Department of Justice (DoJ) said on Wednesday that the IRGC has used the domains to "unlawfully engage in a global disinformation campaign."

Four of the domains were used to create news outlets that appeared legitimate but the flow of 'news' articles and contents hosted by the websites were controlled by the IRGC. 

See also: Black Hat: When penetration testing earns you a felony arrest record

In particular, US audiences were targeted with Iranian propaganda "to influence United States domestic and foreign policy in violation of the Foreign Agents Registration Act (FARA)," the DoJ claims.

Google tipped off US law enforcement to the global campaign, and then with the help of the tech giant, Twitter, Facebook, and the FBI, 92 domains were confiscated on October 7.


Under the US International Emergency Economic Powers Act (IEEPA) and active sanctions that prevent the unauthorized export of goods and services between Iran and the US, a warrant was issued for the seizure of the illegal domains. 

US prosecutors say the fake news outlets were closed under legislation outlined by FARA, which requires foreign entities to transparently disclose the source of information and people when content attempts to "influence US public opinion, policy, and law." 

The news websites targeted the US -- newsstand7.com, usjournal.net, usjournal.us, and twtoday.net -- have now been seized and display an FBI notice. 

One of the domains, newsstand7.com, used the slogan "Awareness Made America Great" and published articles relating to US President Trump, the Black Lives Matter movement, US unemployment, COVID-19, and police brutality, among other topics. 


"These domains targeted a United States audience without proper registration pursuant to FARA and without notifying the American public with a conspicuous notice that the content of the domains was being published on behalf of the IRGC and the Government of Iran," the DoJ commented. 

CNET: Privacy push could banish some annoying website popups and online tracking

The other 88 domains targeted audiences in Europe, the Middle East, and Southeast Asia. These domains, too, masqueraded as news outlets and media organizations. 

"We will continue to use all of our tools to stop the Iranian Government from misusing US companies and social media to spread propaganda covertly, to attempt to influence the American public secretly, and to sow discord," said Assistant Attorney General for National Security John Demers.  "Fake news organizations have become a new outlet for disinformation spread by authoritarian countries as they continue to try to undermine our democracy."    

TechRepublic: Cybersecurity Awareness Month: How to protect your kids from identity theft

The IRGC has been branded as a foreign terrorist organization by the US government. 

The state-sponsored hacking group has been previously connected to cyberattacks against US aerospace, industrial, and business entities, as well as universities, in information theft and cyberespionage campaigns. In 2018, Iran was cited as a "growing threat" in the cybersecurity landscape by Accenture.

The biggest hacks, data breaches of 2020 (so far)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards