The leaks appear to be authentic, according to a person familiar with the matter.
A pro-Iran hacker group claimed to have accessed FBI Director Kash Patel’s personal email and posted purported contents from the inbox online.
Handala, which claimed responsibility in recent weeks for hacks against Stryker and Lockheed Martin in response to the Iran war, circulated images and documents online that it claimed were from Patel’s email account. Many images include pictures of Patel in a personal capacity before he became FBI director.
The leaks appear to be authentic, according to a person familiar with the matter who requested anonymity because they weren’t authorized to publicly discuss details of the breach.
The incident was first reported by Reuters.
“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity. The information in question is historical in nature and involves no government information,” the bureau said in a statement after this story published.
Handala said it carried out the intrusion after the FBI last week said it seized domains used by the group.
“Today, once again, the world witnessed the collapse of America’s so-called security legends,” the group wrote on its website. “While the FBI proudly seized our domains and immediately announced a $10 million reward for the heads of Handala Hack members, we decided to respond to this ridiculous show in a way that will be remembered forever.”
The breach is likely legitimate, according to a former U.S. official who said that administration officials’ personal email accounts are a frequent target of Iranian hackers.
It would not be the first time that Iran-aligned hackers executed a “hack and leak” operation against U.S. targets. In 2024, the Trump campaign was accessed in an Iranian hack that exposed vetting documents for Vice President JD Vance.
Editor’s note: This story has been updated to include remarks from a former U.S. official and the FBI.
Facts Only
Actors: Handala, FBI Director Kash Patel
Events: Breach of personal email, posting of purported contents online, seizure of domains by the FBI
Timeline: Ongoing since last week's domain seizure; historical nature of the leaked information
Locations: Not specified
Full Take
Pattern Analysis and Deeper Implications:
**Steelman**: The article presents a narrative that Handala, a pro-Iran hacker group, has breached FBI Director Kash Patel's personal email. The leaked contents appear to be authentic according to an anonymous source, and the incident follows the FBI's seizure of domains used by the group last week.
**Patterns Detected**: ARC-0043 Motte-and-Bailey (The hackers present themselves as victims while attacking their adversary), ARC-0024 Ambiguity (The article does not clearly state how the breach occurred or what specific information was leaked)
**Root Cause**: The root cause driving this narrative is the ongoing conflict between Iran and the U.S., with cyberattacks serving as a means to exert influence and assert power. The targeting of high-profile individuals, such as the FBI Director, can be seen as an attempt to undermine trust in American institutions.
**Implications**: This event highlights the increasing use of cyberwarfare tactics by nation-state actors, raising concerns about privacy, security, and the potential for further escalations in geopolitical tensions. The second-order consequences include possible diplomatic repercussions and increased vigilance against such attacks in the future.
**Bridge Questions**: What is the extent of the information leaked? How might this incident impact U.S.-Iran relations, in terms of both cybersecurity measures and overall diplomacy? Are there any additional motivations behind Handala's actions beyond retaliation for the domain seizure?
