Kash Patel (Photo: Gage Skidmore/Flickr, CC BY-SA 4.0)

Cyber operatives connected to the Iranian government have accessed the personal email account of FBI Director Kash Patel, releasing a tranche of his private photographs and correspondence online.

The breach, initially reported by Reuters on Friday, marks a continuing escalation in digital espionage directed at senior United States officials. It follows repeated warnings from American intelligence agencies, which cautioned that Tehran-linked threat actors would likely launch retaliatory operations following coordinated US and Israeli military strikes in Iran last month.

Iranian Hackers Leak Kash Patel Personal Emails

A source familiar with the hack confirmed to CNN that the leaked materials were genuinely extracted from Patel's private account. The individual specifically verified the authenticity of multiple published photographs, noting that the images predate his confirmation as the director of the Federal Bureau of Investigation.

An initial review of the leaked files by CNN suggests the messages span roughly a decade, dating from 2011 to 2022. The stolen inbox contains a mix of business exchanges, travel details, and private conversations with various professional and personal contacts.

Screenshot of Handala Hack's full message regarding the hack of Kash Patel's personal email account. (Image: Handala Hack)

Previous Cyberattacks Targeted Kash Patel And Others

This latest breach is not the first time foreign hackers have accessed Patel's private data. In late 2024, only weeks prior to his formal appointment to lead the FBI, federal officials notified Patel that he had been targeted in a state-sponsored cyber intrusion.

That earlier digital breach formed part of a broader intelligence-gathering campaign by foreign adversaries. Security agencies identified cyber operatives from both China and Iran as the architects of a wide digital dragnet aimed at officials preparing to enter the incoming administration. Alongside Patel, the 2024 hacking operation targeted the accounts of several prominent figures connected to Donald Trump, including Deputy Attorney General Todd Blanche, former interim US Attorney for the Eastern District of Virginia Lindsey Halligan, and Donald Trump Jr.

Iran Hackers Tie Latest Breach To Retaliation

The specific collective claiming responsibility for the current distribution of Patel's private correspondence possesses an established operational footprint within the US. Earlier this month, the same hacking network executed a digital assault that disrupted the commercial operations of a major American medical device manufacturer.

At the time of the medical supplier intrusion, the perpetrators publicly declared their actions were a direct retaliation for a missile strike on an Iranian elementary school. According to claims broadcast by Iranian state media, that particular bombing resulted in the deaths of at least 168 children. The Pentagon has publicly stated that it is actively investigating the circumstances surrounding the reported school strike.

The US Department of Justice has formally attributed the hacking syndicate's activities to the Iranian government, accusing the operatives of working directly for Iran's Ministry of Intelligence and Security. Federal authorities had previously responded to the attack on the medical supplier by seizing multiple internet domains used by the network.

But the release of the FBI director's emails shows the group remains active despite US law enforcement action. The Iranian operatives continue to claim new targets, using the stolen information to spread state-aligned propaganda across global networks.

Who Are the Handala Hack Team?

The FBI has identified the perpetrators behind the recent disruptions as the Handala hacking collective, an operative group linked directly to Tehran's Ministry of Intelligence and Security. Active since autumn 2023, Handala initially focused its intelligence-gathering and hack-and-leak operations on dissidents and journalists before escalating to corporate sabotage, including a recent wiper attack on the US medical technology firm Stryker.

According to federal investigators, the group relies heavily on extensive target reconnaissance and social engineering. Hackers deploy multi-stage malware disguised as common applications such as WhatsApp or Telegram, establishing remote access to covertly extract screen captures, audio recordings and private files.