Kash Patel compromised in massive Iran-linked 'Handala' hack

Kash Patel’s personal data and emails were allegedly leaked in a 'forever remembered' retaliation for a $10 million US bounty
Handala hackers claimed they compromised FBI Director Kash Patel's personal email account, releasing private images and files to mock US law enforcement (AP Photo/Rod Lamkey, Jr)
Handala hackers claimed they compromised FBI Director Kash Patel's personal email account, releasing private images and files to mock US law enforcement (AP Photo/Rod Lamkey, Jr)


WASHINGTON, DC: The FBI is reeling from a massive security breach after a pro-Iranian hacktivist group, Handala, claimed to have infiltrated the personal and confidential files of FBI Director Kash Patel on Friday, March 27.

In what is being characterized as the most significant cyber-retaliation of the month-old war, the group has purportedly leaked a trove of Patel’s private communications, internal documents, and sensitive personal data.

While the FBI has yet to issue an official statement, a Department of Justice source has already confirmed to Reuters that Patel’s personal email was indeed breached.

Handala, which independent threat intelligence firms such as Check Point and SOCRadar have linked to Iran’s Ministry of Intelligence and Security (MOIS), released several "proof" images online, including photos of Patel in a personal capacity - smoking cigars and standing near vehicles with Cuban license plates, alongside a zip file allegedly containing 50 terabytes of stolen data.

Hackers respond to $10 million bounty



The breach appears to be a direct response to the FBI's aggressive crackdown on Iranian cyber infrastructure last week.

On March 19, the Bureau seized four of Handala’s primary domains - including 'handala-hack.to,' following the group’s devastating wiper attack on the medical technology giant Stryker.

In a defiant statement posted to their new Tongan-registered website, the group mocked the US Department of State’s 'Rewards for Justice' program, which recently offered a $10 million bounty for information leading to the arrest of Handala members. 



"While the FBI proudly seized our domains and immediately announced a $10 million reward for the heads of Handala hack members, we decided to respond to this ridiculous show in a way that will be remembered forever," the group wrote.

Security legends collapse in war's first cyber-shock

Cybersecurity experts warn that the breach of the nation’s top law enforcement official represents a "psychological collapse" of American security narratives.

Patel, who was confirmed as FBI director in February 2025, has been a vocal critic of "deep state" surveillance and has pushed for radical reforms within the Bureau.

FBI Director Kash Patel listens during the Senate Committee on Intelligence hearings on Capitol Hill Wednesday, March 18, 2026, in Washington. (AP Photo/Jose Luis Magana)
FBI Director Kash Patel listens during the Senate Committee on Intelligence hearings on Capitol Hill, Wednesday, March 18, 2026, in Washington (AP Photo/Jose Luis Magana)

This attack now places his own private and professional life under the very type of intrusive spotlight he has spent his career navigating.

Handala has established a "faketivist" reputation by combining destructive wiper malware with high-profile "hack-and-leak" campaigns designed to create maximum reputational damage.



Prior to targeting Patel, the group claimed to have wiped over 200,000 devices at Stryker and leaked sensitive PII belonging to the Israeli Defense Force (IDF), proving their capability to strike high-value Western targets.

Iran proxies pivot to destructive influence

The targeting of Patel reflects a pattern identified by analysts in which Iranian-linked groups conduct cyber operations during periods of military conflict.

Groups such as Handala, also known as 'Void Manticore' and 'Banished Kitten', have been previously associated with such activities, according to cybersecurity researchers.

While some of Handala’s past claims have been disputed, forensic analysts said the leaked images of Patel appear authentic and may be linked to a prolonged breach.

This image from video provided by U.S. Central Command shows a missile being launched from a U.S. Navy ship in support of Operation Epic Fury on Saturday, Feb. 28, 2026. (U.S. Central Command via AP)
This image from video provided by US Central Command shows a missile being launched from a US Navy ship in support of Operation Epic Fury on Saturday, February 28, 2026 (US Central Command via AP)

Authorities have not publicly confirmed the scope or timeline of the incident. As US operations under “Operation Epic Fury” continue, officials and experts have noted increased cyber activity targeting government systems.

RELATED TOPICS US STRIKES IRAN

GET BREAKING U.S. NEWS & POLITICAL UPDATES
STRAIGHT TO YOUR INBOX.

MORE STORIES

Recently disclosed documents suggest communications involving dozens of lawmakers were reviewed during the probe
4 minutes ago
The president urged Israel to begin redeploying forces, warning that a prolonged military presence in neighboring territories could inflame tensions
20 minutes ago
The president said White House physicians concluded the senator most likely died from a rare inherited condition, rejecting speculation of foul play
1 hour ago
In his first congressional testimony as Fed chair, Trump's appointee said interest-rate decisions would remain free from political influence
2 hours ago
Trump abandoned his proposed 20% Hormuz shipping fee, replacing it with Gulf-backed investments
2 hours ago
Amy Coney Barrett recalled receiving a bulletproof vest as Elena Kagan warned threats against Supreme Court justices have surged
3 hours ago
Lawmakers raise questions over possible mistaken identity, the absence of body-camera footage, and the circumstances surrounding the fatal shooting
3 hours ago
Donald Trump said he was 'never a huge fan' of Mitch McConnell but added that he hopes the senator recovers
12 hours ago
Trump said the Reflecting Pool was drained to repair damage he attributed to vandalism, rejecting reports that repairs were linked to peeling liner and algae
13 hours ago
Trump says he is 'giving it back' to the people as he rolls back protections on two Utah monuments
14 hours ago