Iran-linked hackers, identified as the Handala Hack Team, publicly claimed to have breached the personal email inbox of FBI Director Kash Patel. The group published photographs of Patel and other documents online, stating that Patel is now among their “successfully hacked victims.”
As per reports published by Reuters, a senior Department of Justice (DOJ) official has recently confirmed the security breach, stating that the materials released online “appear authentic.” The incident marks a high-profile retaliatory strike against a top U.S. national security official.
The incident has attracted further attention because of its sensitive timing. Notably, the hack follows Tehran’s rejection of the US’s 15-point peace plan for the ongoing war in the Middle East. According to agency reports, an estimated 3,500 people have been killed in the wider war in the Gulf, which was instigated by a ‘pre-emptive’ strike launched by the US and Israel on Iran.
Western researchers interviewed by Reuters consider Handala to be one of several personas utilized by Iranian government cyberintelligence units, which recently claimed another hack on medical devices provider Stryker. According to a report published by Reuters, the personal Gmail address matches one previously linked to Patel in other data breaches, with the content appearing to be a mix of personal and work correspondence from 2010 to 2019.
The Handala Group: A MOIS-Linked ‘Persona’
Cybersecurity researchers from Palo Alto Networks’ Unit 42 and Check Point Research identify “Handala” as an online persona utilized by Void Manticore (also known as Storm-0842 or Banished Kitten). The group is widely assessed to be an operational arm of Iran’s Ministry of Intelligence and Security (MOIS).
As per reports published by local US media outlets, unlike traditional ransomware groups focused on financial gain, Handala’s operations are characterized by:
- Destructive Wipers: Using malware designed to permanently erase data rather than encrypt it for ransom.
- Psychological Operations: Defacing victim systems with political manifestos and “hack-and-leak” campaigns to damage reputations.
- Persistent Targeting: Previous campaigns have targeted the Albanian government and Israeli infrastructure.
Notably, the hack came to light after the hackers boasted about their ‘achievement’ on their Telegram handle. The hackers posted the files on their dedicated leak site, mockingly stating that the FBI Director “will now find his name among the list of successfully hacked victims.”
Security analysts interviewed by Reuters warn that the “Handala” persona is being used to signal that no U.S. official or infrastructure is beyond the reach of Tehran’s cyber-intelligence units. As the physical war continues, the digital battlefield is seeing a shift from quiet espionage to high-visibility, destructive strikes aimed at the heart of the American security establishment.
