Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account

Iran-linked group Handala claims it hacked FBI Director Kash Patel’s personal email, leaking files. The FBI says no government data was exposed.

Iran-linked hacking group Handala claims it breached FBI Director Kash Patel’s personal Gmail account and shared alleged data, including photos and files. The FBI confirmed it is aware of the incident and has taken steps to mitigate risks, stressing that the exposed material is old and does not involve any government or classified information.

“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” reads a statement issued by an FBI spokesman. “The information in question is historical in nature and involves no government information.”

Analysis of leaked data confirms that several emails attributed to Kash Patel’s Gmail account are authentic. Some emails were also sent from his former Justice Department account in 2014 and appear genuine.

TechCrunch verified that some leaked emails attributed to Kash Patel’s Gmail account are authentic by analyzing message headers, which confirm the sender and help detect spoofed emails.

The exposed files largely date back to around 2019.

The FBI is offering up to $10 million for information on the Handala hackers.

Since the U.S.-Israeli war with Iran began in February, the Iran-linked group Handala has intensified its cyberattacks. It claimed responsibility for a destructive breach at medical tech firm Stryker that targeted its internal Microsoft environment and remotely wiped tens of thousands of employee devices without using malware. 

The group claimed it wiped more than 200,000 servers, mobile devices, and other systems, forcing the company to shut down offices across 79 countries. The hacktivists also claimed they exfiltrated about 50TB of corporate data from the company’s infrastructure.

Handala appears as a pro-Palestinian hacktivist group but is widely seen as a front for Iran-backed Void Manticore, as reported by SecurityWeek. Known for phishing, data theft, extortion, and destructive wiper attacks, they also engage in info operations and psychological warfare. Since the Iran conflict began, they’ve targeted Israeli military servers, intelligence officers, and companies, stealing or wiping data.

The Justice Department accused Iran’s Ministry of Intelligence and Security (MOIS) of operating the Handala group. 

Ironically, the FBI director recently said that “Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents,” “We took down four of their operation’s pillars and we’re not done. This FBI will hunt down every actor behind these cowardly death threats and cyberattacks and will bring the full force of American law enforcement down on them.”

However, he was reportedly unable to protect his own email account.

At this stage, it remains unclear how the FBI Director’s email account was compromised, and whether it was protected by at least two-factor authentication. It is also not known if Google had previously issued any warnings to government officials about potential state-sponsored attacks, as it has done in past cases.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, FBI director)