Iran-backed hackers breach FBI director Kash Patel's personal emails
FBI Director Kash Patel's personal email account has been hacked by an Iran-linked group, the agency has confirmed.
A group, known as the Handala Hack Team, shared Patel's purported resume and photos of him on its website on Friday along with a statement that says: "This is just our beginning."
The FBI said it was aware of "malicious actors" targeting Patel's email information. "The information in question is historical in nature and involves no government information."
The agency is offering up to $10m (£7.5m) for information that helps in identifying members of the Handala group.
Iranian-backed hackers were reported to have breached Patel's private communications in 2024, weeks before he was appointed to lead the FBI. It is not clear if that breach was different from the one claimed by the Handala group on Friday.
Photos Handala claims to have taken from Patel's email account have been circulating on social media with the group's logo added as a watermark.
The photos show Patel at various unidentified locations, including standing beside a vintage convertible, smiling next to a jet, smoking and sniffing cigars, taking a selfie next to a bottle of liquor, and posing in what appear to be restaurants and hotels.
The BBC has not independently verified the leaked documents.
Cynthia Kaiser, senior vice-president at Halcyon Ransomware Research Center, told the BBC that Friday's release was likely from a historical breach.
"The emails look very old and that makes me believe that this is likely a compromise that occurred from other groups in another time period, and is recycled today," Kaiser, who has worked at the FBI's Criminal, Cyber, Response, and Services Branch, said.
The Handala group said in its statement announcing the hack that the "so-called 'impenetrable' systems of the FBI were brought to their knees within hours by our team. This is the security that the US government boasts about?! This is the cyber giant that thinks threats and bribes can silence the voice of resistance?!"
Experts say this kind of operation on a senior US government official may not take much sophistication to achieve.
"Personal accounts don't have the same level of protection and alerting as government systems, so these are often an attractive target for hackers," said Dave Schroeder, director of National Security Initiatives at the University of Wisconsin–Madison.
"Handala consistently tries to gain this type of access because it serves their interests to claim hacks of prominent people and organizations," Schroeder added.
Last week, the US justice department seized several Handala domain names it says were involved in hacking schemes linked to the Islamic Republic of Iran.
The department said Iran's Ministry of Intelligence and Security (MOIS) had been using the Handala websites to spread "terrorist propaganda", conduct "attempted psychological operations targeting adversaries of the regime", claim credit for hacking activity, and call for the killing of journalists and dissidents.
The domain used to carry out the hack against Patel was registered the same day the justice department announced it had seized the four domains associated with the group, on 19 March, CBS News, the BBC's US partner, reported.
Handala said its hacking of Patel's email account was in retaliation for the FBI's seizure of its websites, as well as for the FBI offering a reward of $10m for information on similar malicious attacks.
Earlier in March, the Handala group also claimed responsibility for the cyber-attack on US medical technology firm Stryker.
The incident saw the company's employee login defaced with a message claiming data had been erased in a "wiper" attack by the Iran-backed group of hacktivists.
In a post at the time on their now-suspended X account, Handala claimed it had wiped "over 200,000 systems, servers and mobile devices", and extracted "50 terabytes of critical data".
The group said the Stryker cyber-attack was "in retaliation for the brutal attack" on an Iranian girls' school at the start of the war, in which more than 160 people were killed, as well as "in response to ongoing cyber assaults against the infrastructure" of Iran and its allies.
