The personal emails of F.B.I. Director Kash Patel have circulated online in what appears to be a deliberate effort to embarrass him as the war in Iran nears its first month. Questions remain about who carried out the cyberattack and exactly when the intrusion occurred.
The files were posted on a website labeled “Handala Team.” The group is a pro-Iranian hacktivist organisation tied to Iran’s Ministry of Intelligence and Security and is known for executing “hack and leak” operations targeting US officials. Cybersecurity tools indicated that the website was being hosted on a Russian server, a country with a history of hack-and-dump operations, including the 2016 Democratic email releases. The domain for the website was registered on March 19 by an entity that appeared to identify itself as the Kingdom of Tonga.
VirusTotal, a cybersecurity platform that analyzes websites for malicious code, flagged the site as potentially capable of implanting malware on devices of those who visit it.
In a statement, F.B.I. spokesman Ben Williamson confirmed that the State Department has offered a $10 million reward for information identifying the Handala Hack Team in Iran, “a group that has frequently targeted US government officials.” He acknowledged that Director Patel’s personal emails were compromised but did not provide a specific date for the breach.
“The F.B.I. is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” Williamson said. “The information in question is historical in nature and involves no government information.”
The files posted online contained more than 300 messages from a Gmail account used by Patel. The earliest emails date from February 2010, while the most recent are from February 2022. Most were personal messages covering routine matters, such as apartment hunting, booking travel, and job applications. Many messages are from 2010 to 2014, when Patel was a federal public defender in Miami, applied for a position at the Justice Department’s national security division, and later moved to Washington. Some emails include efforts by friends to introduce him to new contacts, while others contained photographs, including what appeared to be a visit to Cuba in 2013.
There were indications that the hackers may be holding back additional materials. Images on the website suggested attachments not included in the initial release, such as a 2016 version of Patel’s résumé listing a classified C.I.A. award.
Iran has long targeted prominent US officials in cyberattacks, particularly in retaliation for the 2020 killing of Maj. Gen. Qassim Suleimani, who led the Quds Force of the Islamic Revolutionary Guards Corps.
In September 2024, the F.B.I. warned that hackers connected to the Guard Corps were targeting current and former senior US officials, journalists, and other individuals associated with US political campaigns. “The targets usually have some nexus to Iranian and Middle Eastern affairs,” the bureau said in an advisory.
A former US law enforcement official confirmed that Patel was among the victims. In the same month, the Justice Department indicted three members of the Guard Corps for their involvement in hacking since 2020. According to prosecutors, the group used spear phishing and social engineering techniques to target and compromise victims’ computers and accounts.
Erizia Rubyjeana
