Iran-linked hackers on Friday claimed to have gained access to FBI Director Kash Patel’s personal email account, posting photos and other documents online.
Hacking group Handala Hack Team said on its website that Patel “will now find his name on the list of successfully hacked victims”. The posted content included personal images of Patel smoking and sniffing cigars, driving an antique convertible and taking selfies in a mirror while holding a large bottle of rum, Reuters reported.
A Justice Department official confirmed that Patel’s email had been compromised and noted that the material appearing online appeared to be genuine. The FBI did not immediately comment and the hackers did not respond to messages seeking clarification, the report said.
The agency could not independently verify the authenticity of the emails purported to belong to Patel. However, the personal Gmail account that the Handala Hack Team claims to have breached matches an address previously linked to Patel in a breach of data archived by dark web intelligence firm District 4 Labs. Google, which runs Gmail, did not immediately respond to a request for comment.
A Reuters review of a sample of material released by the hackers shows that the content includes a mix of personal and professional correspondence from 2010 to 2019.
Iran-backed cyber attacks targeting Patel in 2024
US intelligence agencies have repeatedly warned of the risk of Tehran-aligned hackers retaliating after US and Israeli airstrikes on Iran last month. This is not the first case of Iran-backed cyber attacks targeting FBI Director Kash Patel’s personal information.
Just weeks before Patel’s appointment as FBI director at the end of 2024, officials told him he had been singled out in an Iranian cyberattack that leaked some of his private communications, according to CNN.
The 2024 cyberattack was part of a broader campaign by foreign hackers, including groups from China and Iran, to target the accounts of incoming Trump administration officials. Those affected included current Deputy Attorney General Todd Blanche, former Interim US Attorney for the Eastern District of Virginia Lindsey Halligan, and Donald Trump Jr.
What did the DoJ say after an Iran-linked group cyberattacked Stryker?
An Iran-linked group that recently claimed responsibility for the breach of Patel’s emails also carried out a cyberattack earlier this month that disrupted operations at a major US medical device company, Stryker.
At the time, the hackers said their actions were in retaliation for a rocket attack on a primary school in Iran, in which Iranian state media said at least 168 children had been killed. The Pentagon confirmed it was investigating the incident.
The Justice Department said it seized the four domains as part of an ongoing effort to disrupt hacking and transnational repression operations allegedly carried out by Iran’s Ministry of Intelligence and Security. The Department of Justice previously said it had taken control of four domains linked to the “Handala Hack Team”. It also said that Handala is one of many publicly available identities used by a hacking unit linked to Iran’s Ministry of Intelligence and Security as part of its psychological operations.
