The personal email account of FBI Director Kash Patel has been compromised by a group linked to Iran, the agency has confirmed. A group known as the Handala Hack Team shared Patel's purported resume and photos on its website on Friday along with a statement declaring, "This is just our beginning."
The group's statement questioned, "If your director can be compromised this easily, what do you expect from your lower-level employees?" The FBI acknowledged that "malicious actors" had targeted Patel's email information, adding that the accessed data was "historical in nature and involves no government information." Iranian-backed hackers were reportedly involved in breaching Patel's private communications in 2024, weeks before his appointment to lead the FBI, though it remains unclear if this breach differs from the one claimed by Handala on Friday.
Photos allegedly taken from Patel's email account, watermarked with the group's logo, have circulated on social media. They depict Patel in various unidentified locations, including standing beside a vintage convertible, smiling next to a jet, smoking and sniffing cigars, taking a selfie with a liquor bottle, and posing in what appear to be restaurants and hotels. The BBC has not independently verified the leaked documents.
In its hack announcement, the Handala group boasted that "the so-called 'impenetrable' systems of the FBI were brought to their knees within hours by our team," and rhetorically asked, "This is the security that the US government boasts about?! This is the cyber giant that thinks threats and bribes can silence the voice of resistance?!" The FBI responded by offering up to $10 million (£7.5 million) for information leading to the identification of Handala group members.
Last week, the US Justice Department seized several Handala domain names, alleging their involvement in hacking schemes connected to the Islamic Republic of Iran. The department claimed Iran's Ministry of Intelligence and Security (MOIS) had used Handala websites to spread "terrorist propaganda," conduct "attempted psychological operations targeting adversaries of the government," claim credit for hacking activities, and call for the killing of journalists and dissidents. The domain used in the Patel hack was registered on March 19, the same day the Justice Department announced the seizure of four Handala-associated domains, as reported by CBS News.
Handala stated that its intrusion into Patel's email was retaliation for the FBI's seizure of its websites and the agency's $10 million reward offer for information on similar malicious attacks. Earlier in March, the group also claimed responsibility for a cyberattack on US medical technology firm Stryker, in which employee login pages were defaced with messages claiming data had been erased in a 'wiper' attack by the Iran-backed hacktivist group. In a since-suspended X post, Handala alleged it wiped "over 200,000 systems, servers, and mobile devices" and extracted "50 terabytes of critical data" in the Stryker incident.
The group justified the Stryker cyberattack as "in retaliation for the brutal attack" on an Iranian girls' school at the start of the war, which killed over 160 people, and "in response to ongoing cyber assaults against the infrastructure" of Iran and its allies. This series of events highlights the escalating cyber tensions between the US and Iran, with Handala positioning itself as a retaliatory force against perceived US aggression.
Source: www.bbc.com