Kash Patel compromised in massive Iran-linked 'Handala' hack

WASHINGTON, DC: The FBI is reeling from a massive security breach after a pro-Iranian hacktivist group, Handala, claimed to have infiltrated the personal and confidential files of FBI Director Kash Patel on Friday, March 27.

In what is being characterized as the most significant cyber-retaliation of the month-old war, the group has purportedly leaked a trove of Patel’s private communications, internal documents, and sensitive personal data.

While the FBI has yet to issue an official statement, a Department of Justice source has already confirmed to Reuters that Patel’s personal email was indeed breached.

Handala, which independent threat intelligence firms such as Check Point and SOCRadar have linked to Iran’s Ministry of Intelligence and Security (MOIS), released several "proof" images online, including photos of Patel in a personal capacity - smoking cigars and standing near vehicles with Cuban license plates, alongside a zip file allegedly containing 50 terabytes of stolen data.

Hackers respond to $10 million bounty

The breach appears to be a direct response to the FBI's aggressive crackdown on Iranian cyber infrastructure last week.

On March 19, the Bureau seized four of Handala’s primary domains - including 'handala-hack.to,' following the group’s devastating wiper attack on the medical technology giant Stryker.

In a defiant statement posted to their new Tongan-registered website, the group mocked the US Department of State’s 'Rewards for Justice' program, which recently offered a $10 million bounty for information leading to the arrest of Handala members. 

"While the FBI proudly seized our domains and immediately announced a $10 million reward for the heads of Handala hack members, we decided to respond to this ridiculous show in a way that will be remembered forever," the group wrote.

Security legends collapse in war's first cyber-shock

Cybersecurity experts warn that the breach of the nation’s top law enforcement official represents a "psychological collapse" of American security narratives.

Patel, who was confirmed as FBI director in February 2025, has been a vocal critic of "deep state" surveillance and has pushed for radical reforms within the Bureau.

This attack now places his own private and professional life under the very type of intrusive spotlight he has spent his career navigating.

Handala has established a "faketivist" reputation by combining destructive wiper malware with high-profile "hack-and-leak" campaigns designed to create maximum reputational damage.

Prior to targeting Patel, the group claimed to have wiped over 200,000 devices at Stryker and leaked sensitive PII belonging to the Israeli Defense Force (IDF), proving their capability to strike high-value Western targets.

Iran proxies pivot to destructive influence

The targeting of Patel reflects a pattern identified by analysts in which Iranian-linked groups conduct cyber operations during periods of military conflict.

Groups such as Handala, also known as 'Void Manticore' and 'Banished Kitten', have been previously associated with such activities, according to cybersecurity researchers.

While some of Handala’s past claims have been disputed, forensic analysts said the leaked images of Patel appear authentic and may be linked to a prolonged breach.

Authorities have not publicly confirmed the scope or timeline of the incident. As US operations under “Operation Epic Fury” continue, officials and experts have noted increased cyber activity targeting government systems.