An Iran-linked hacking group has targeted FBI Director Kash Patel, breaching his personal email and publishing its contents in what appears to be a retaliatory cyber attack.

The group, known as Handala Hack Team, claimed responsibility for the breach. According to Reuters, the group released emails and documents dating back years. Reacting to the incident, the FBI says the released material is old and contains no classified information.

However, the breach highlights how even senior officials remain exposed through personal accounts — even if the impact in this case appears limited to non-sensitive data — and indicates heightened cyber tensions between the US and Iran.

The why behind the hack

In a message posted on its website and cited by Reuters, the hacking group said the breach was carried out in retaliation. It pointed to the Mar. 19 seizure of four domains linked to its operations by US authorities as the trigger. According to them, the exact domain used to breach Patel’s email was registered the very day those four were seized.

Publishing personal photos, emails, and documents of the director, the group wrote on its website:

“Kash Patel, the current head of the FBI, who once saw his name displayed with pride on the agency’s headquarters, will now find his name among the list of successfully hacked victims. The so-called ‘impenetrable’ systems of the FBI were brought to their knees within hours by our team. All personal and confidential information of Kash Patel, including emails, conversations, documents, and even classified files, is now available for public download.”

However, there is no evidence that FBI systems were breached, and officials say the compromised account was limited to Patel’s personal email. Claims about access to classified files have not been verified and are likely exaggerated.

The breach of Patel’s email is not the only successful high-profile hack the Handala Hack Team has carried out.

Before seizing those four domains, the Justice Department, as reported by CBS News, stated that the group was responsible for some cybercrimes against the US and Israel. Two of these are a malware attack on Stryker, a US-based medical firm, and the public disclosure of sensitive data belonging to about 190 people working with the Israeli government.

Such hacking activities aren’t uncommon during international conflicts. The group also claimed to have recently posted data belonging to dozens of Lockheed Martin employees based in the Middle East. Activities like these likely contributed to the seizure of Handala’s domains.

Reactions to the breach

While the FBI acknowledged the breach of Patel’s email, it has offered reassurance that the data is outdated and that the emails are not important. It also noted that an investigation is ongoing and that steps are being taken to mitigate associated risks.

In a statement from FBI spokesman Ben Williamson, the bureau confirmed the scope of the breach by saying that the accessed data was “historical in nature and involves no government information.” Adding to Williamson’s statement, Reuters noted in its report that the Gmail address matched Patel’s and that the leaked emails were from 2010 to 2019, long before Patel became the FBI’s boss.

Before the breach, the FBI had already set up a $10 million reward for information leading to the identification of members of the group believed to be linked to Iran, an effort the group stated it was aware of.

As of late Friday, Handala’s website was inaccessible. Google, the owner of Gmail, which Patel uses for his personal email, has not responded to Reuters’ request for comment.

The US government, through the Department of Homeland Security (DHS), anticipated attacks like these. According to a report from the DHS’s Office of Intelligence and Analysis, reviewed by Reuters, Iran and its allies would attempt to carry out small-scale cyberattacks, especially retaliatory ones.

Gil Messing, chief of staff at an Israeli cybersecurity firm, Check Point, calls this an attempt to make US officials “feel vulnerable,” while noting that the Iranians are “firing whatever they have.”

While relevant US agencies have reiterated that they are prepared for what is to come, attacks like this against US officials may continue, as these hackers may have other targets, Reuters added.
