A hacktivist group that the U.S. has linked back to Iranian intelligence services claims it has stolen "personal and confidential information" from FBI Director Kash Patel, including emails, documents and potentially confidential files.
Why it matters: The attack could be the most significant cyberattack of the ongoing war between the U.S., Israel and Iran, and could put an uncomfortable spotlight on Patel.
- An FBI spokesperson told Axios Friday it is "aware of malicious actors targeting Director Patel's personal email information" and that it has taken "all necessary steps to mitigate potential risks associated with this activity."
- The bureau spokesperson added that the "information in question is historical in nature and involves no government information."
Driving the news: Handala Hack Team, a pro-Iranian hacktivist group, posted a handful of photos of Patel standing next to cars with Cuban license plates and smoking cigars, according to the post on Handala's website seen by Axios.
- The group also shared a purported snippet of an older version of his personal resume.
Zoom in: A trove of apparently stolen emails that Handala published, reviewed by Axios, only came from Patel's personal Gmail account, not his official FBI inbox.
- The leaked conversations date back to the early 2010s and don't include any details about current FBI operations.
- Some of the emails appear to include details about many of Patel's travels between 2012 and 2019, including receipts for flights, trains and hotels.
- Others include messages and photos exchanged with family members, conversations about filing his personal taxes, and information from leasing agents about various D.C. apartments Patel was interested in renting over a decade ago.
The intrigue: Handala claims that the breach is in response to the FBI's operation last week to seize several of the hacker group's domains.
- The bureau took that action after Handala claimed responsibility for a cyberattack on U.S. medical tech company Stryker.
- "While the FBI proudly seized our domains and immediately announced a $10 million reward for the heads of Handala hack members, we decided to respond to this ridiculous show in a way that will be remembered forever," the group wrote on its website Friday.
Yes, but: Groups like Handala are known to make exaggerated claims about the scale of their hacks and the information they've stolen.
- CNN reported in late 2024 that Iranian hackers accessed some of Patel's communications.
The big picture: Iran is known to lean on proxy groups like Handala for its cyber operations — making it more difficult for targeted entities to formally attribute attacks to the Iranian government.
- Experts have warned that the Iranian government will likely pursue both destructive cyberattacks against critical infrastructure and online influence operations designed to create confusion and chaos during the war.