The Federal Bureau of Investigation (FBI) has confirmed that hackers targeted the personal emails of Director Kash Patel after an Iranian government-linked hacking group posted documents and images online, claiming to have stolen them from the Director.
In a statement on Friday, March 27, the FBI confirmed the agency was “aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity.”
“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” read part of the FBI statement.
“The information in question is historical in nature and involves no government information.”
FBI confirms hackers targeted Kash Patel’s personal emails
However, the statement did not include details on who was behind the attack.
“The FBI will continue to pursue the actors responsible, support victims, and share actionable intelligence in defense of networks.”
The statement comes after Handala, an Iran-linked hacking group, earlier in the day claimed to have hacked Kash Patel’s account and had posted online what appear to be years-old photographs of him, along with a work resume and other personal documents. Many of those records appeared to be more than a decade old.
“Kash Patel, the current head of the FBI, who once saw his name displayed with pride on the agency’s headquarters, will now find his name among the list of successfully hacked victims,” said a message posted Friday from the group Handala.
The message was accompanied by more than half a dozen photos of Patel, including one of him standing beside an antique sports car and another showing him with a cigar in his mouth.
The group also said that it was making emails and other documents from Patel’s account available for download. Many of the records appeared to relate to his personal travels and business from more than 10 years ago.
Justice Department singles out Handala
It was not clear when the hack claimed by Handala might have occurred. Before Patel was confirmed as Director, news reports in December 2024 said the FBI had informed him that he had been targeted as part of an Iranian hack.
Earlier this month, Handala claimed credit for disrupting systems at Stryker, a Michigan-based medical technology company.
The pro-Iranian, pro-Palestinian hacking group said the attack was in retaliation for suspected U.S. strikes that killed Iranian schoolchildren. They’re a prominent example of the proxy groups that carry out cyber attacks on behalf of Iran.
Also Read: Iran Hackers Leak Private Photos After Hacking FBI Director Kash Patel
The Justice Department singled out Handala in an announcement last week in which it said it had seized four web domains tied to Iranian hacking schemes and the threatening of dissidents.
The Trump administration is offering a reward of up to $10 million for information leading to the identification of members of the Handala hacking group.
On Thursday, March 20, the DOJ announced the seizure of four Iranian state-linked domains, which it said were used to conduct cyber-enabled psychological operations and transnational repression.
Attorney General Pamela Bondi announced the seizure as part of a growing effort to neutralize Iran’s cyber threat to Americans, Israeli targets, and dissidents abroad.
According to Bondi, the seized websites — Justicehomeland[.]org, Handala-Hack[.]to, Karmabelow80[.]org, and Handala-Redwanted[.]to — were used by Iran’s Ministry of Intelligence and Security (MOIS) to claim credit for hacking operations, post sensitive stolen data, and incite violence against journalists, regime critics, and Israeli citizens.
“Terrorist propaganda online can incite real-world violence — thanks to our National Security Division and the U.S. Attorney’s Office for the District of Maryland, this network of Iranian-backed sites will no longer broadcast anti-American hate,” part of the statement reads.
Iranian cyber network disrupted
Bondi added that the domains, interconnected through shared leak sites and Iranian IP ranges, facilitated both destructive cyberattacks and “faketivist” operations designed to intimidate and manipulate public perception.
Also Read: $10 Million Reward Offered After US Disrupts Iranian Cyber Network
The DOJ noted that Iran’s MOIS had previously used its cyber infrastructure to target dissidents and journalists in the U.S., soliciting assistance from the Jalisco New Generation Cartel (CJNG) to carry out violence against identified targets.
One account associated with the Handala Hack network offered a $250,000 bounty in an email for the execution of specific dissidents.
“Iran, the leading state sponsor of terrorism worldwide, used the seized domains to dox and harass dissidents and journalists, incite violence against Jewish communities, and spread Tehran’s anti-American propaganda. NSD is committed to dismantling Iran’s cyberwarfare infrastructure,” Assistant Attorney General for National Security John Eisenberg stated.
In addition to the immediate domain seizures, the Rewards for Justice program is offering up to $10 million for information leading to the identification of individuals who, at the direction of foreign governments, engage in cyberattacks on U.S. critical infrastructure.





