The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents.
The FBI has confirmed the compromise, saying that the stolen data was not recent and did not include any government data.
On Friday, the Handala threat actor announced on one of their websites that Patel has been added to the list of their victims, alleging that they compromised “the so-called ‘impenetrable’ systems of the FBI” in just a few hours.
The hackers said that their action was in response to the FBI seizing Handala domains and the U.S. government offering a reward of up to $10 million for information on the threat group’s members.
However, the hackers had breached the FBI Director’s personal Gmail inbox.
“All personal and confidential information of Kash Patel, including emails, conversations, documents, and even classified files, is now available for public download,” the Handala hackers said before publishing proof of the breach.
source: BleepingComputer
Shortly after the announcement, the threat actor published a set of watermarked personal photos and documents extracted from Patel’s inbox, along with email correspondence from before becoming FBI director.
In a statement for BleepingComputer, the FBI said that it was aware of hackers “targeting Director Patel’s personal email information.”
The agency further notes that it has taken every necessary precaution to reduce any negative impact that may result from this activity.
“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity. The information in question is historical in nature and involves no government information,” – the Federal Bureau of Investigation
The Handala hacktivist group has previously breached the Microsoft environment of medical technology giant Stryker and wiped nearly 80,000 devices.
Also known as Handala Hack, Hatef, and Hamsa, the actor emerged in December 2023 and is a hacktivist persona carrying out cyber activities for Iran’s Ministry of Intelligence and Security (MOIS).
In the statement on the compromise of Director Patel’s personal email account, the FBI reiterated the $10 million reward from the Department of State’s Rewards for Justice “for information leading to the identification of the Handala Hack Team out of Iran.”
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
