Overview
- The FBI, which confirmed the intrusion on Friday, said Director Kash Patel’s personal Gmail account was compromised and that the exposed material was historical, not government data.
- Handala posted private photos of Patel and a sample of hundreds of emails from about 2010 to 2019 on its website to showcase the breach.
- The Justice Department has linked the Handala identity to Iran’s Ministry of Intelligence and Security, and researchers say units tied to the Revolutionary Guard also use the label.
- Investigators describe the group’s playbook as targeted phishing to harvest login credentials, followed by malware and a Telegram bot that exfiltrates files, screenshots, and other data from compromised devices.
- The breach fits a March surge of Handala activity that included a claimed ransomware attack on Stryker and the release of Lockheed employee data, while U.S. authorities disrupted related sites and offered rewards of up to $10 million to identify the operators.