The US-Israeli conflict with Iran is also seeing a cyber warfare waged against the US, with the pro-Iranian hacking group known as the Handala Hack Team claiming to have breached the personal Gmail account of FBI Director Kash Patel. The hacker group published years-old personal photographs of a younger Patel, along with what appears to be his resume and a cache of historical emails dating mostly from before 2019.
The media independently verified portions of the leaked material through message headers and cryptographic signatures, confirming that the emails actually originated from Patel’s personal Gmail account. Some of the leaked emails also included ones forwarded from his earlier Justice Department address.
The FBI, however, quickly responded, stating the information is “historical in nature and involves no government information.” No classified or current national security data was exposed.
The hackers claimed that the breach was a direct retaliation after the FBI seized several of Handala’s domains earlier in March 2026, which came amidst the US government’s announcement of a bounty.
In a statement on their website, Handala declared, “Kash Patel… will now find his name among the list of successfully hacked victims. This is just our beginning.”
The Handala Hack Team and its origins
The Handala Hack Team was known to have surfaced in public in late 2023, shortly after the Hamas attacks on Israel on October 7. The group initially presented itself as a pro-Palestinian hacktivist collective. The group takes its name and imagery from the iconic Palestinian cartoon character Handala, created by Naji al-Ali, which symbolises resistance and defiance.
Despite the hacktivist branding, multiple cybersecurity firms and Western intelligence assessments, including those from Check Point, Palo Alto Networks Unit 42, and others, attribute Handala to Void Manticore (also tracked as Red Sandstorm, Banished Kitten, or Storm-0842) – a threat actor linked to Iran’s Ministry of Intelligence and Security (MOIS). The US authorities have officially confirmed the connection, describing Handala as an instrument of Iranian cyber-enabled psychological operations.
The group has operated under various personas and is believed to function as a front for a specialised MOIS cyber unit that focuses on destructive attacks, data theft, and influence campaigns. It has conducted hack-and-leak operations, wiper-style disruptions, and targeted doxing, often blending technical intrusions with propaganda to embarrass or intimidate the enemies of the Iranian regime.
Handala’s recent activities and escalation
Handala’s activity surged by a huge degree following the outbreak of direct US-Israeli military actions against Iran in late February 2026. The group became a headline sensation when on March 11, it claimed to have carried out a destructive cyberattack on US medical technology giant Stryker. Handala claimed to have wiped data from thousands of devices (reports varied between 80,000 and over 200,000 systems) across the company’s global operations by abusing Microsoft Intune management tools, and there was no traditional malware or ransomware involved. The attack was presented as retaliation for alleged US strikes on Iranian targets, including a school in Minab.
The Handala Hack Team has also targeted Israeli organisations, energy firms, healthcare networks, and individuals linked to defense or perceived as regime opponents.
Its commonly used tactics include:
– Data exfiltration followed by public leaks,
– Placement of bounties on targets (such as cash rewards for information on Israeli air defense engineers or calls for violence against dissidents)
– Psychological operations designed to instill fear and division.
In response to Handala’s growing exposure, the FBI and Justice Department have seized several of the group’s leak and propaganda domains. The US government is now offering up to $10 million through the ‘Rewards for Justice’ program for information leading to the identification, arrest, or location of Handala members or associated individuals.
The breach of FBI Director Patel’s personal email, which, while related to old non-sensitive material, highlights Handala’s strategy – targeting high-profile figures for maximum propaganda value rather than stealing current secrets. Cybersecurity experts describe the group as opportunistic yet increasingly disruptive, capable of causing real operational damage while amplifying geopolitical messaging.