The U.S. has linked a hacktivist group to Iranian intelligence services. The group says it stole “personal and confidential information” from FBI Director Kash Patel, including emails, documents, and possibly private files. This attack could be the biggest cyberattack so far in the war between the U.S., Israel, and Iran.
An FBI spokesperson told Axios it is “aware of malicious actors targeting Director Patel’s personal email information” and that it has taken “all necessary steps to mitigate potential risks associated with this activity.”
The bureau spokesperson added that the “information in question is historical in nature and involves no government information.”
The Handala Hack Team, a group of pro-Iranian hackers, put up a few pictures on their website of Patel standing next to cars with Cuban license plates and smoking cigars.
The group also posted what they said was a part of an older version of his resume.
Axios reviewed many emails that Handala said were stolen and published. They only came from Patel’s personal Gmail account, not his official FBI account.
The conversations that leaked are from the early 2010s and don’t include any information about what the FBI is doing now. Some of the emails seem to have information about Patel’s trips from 2012 to 2019, such as receipts for flights, trains, and hotels.
Others are messages and pictures he sent and received from family members, talks about filing his own taxes, and information from leasing agents about different D.C. apartments that Patel wanted to rent more than ten years ago.
Handala says that the breach happened because the FBI took over a number of the hacker group’s domains last week.
The bureau did that after Handala said they were responsible for a cyberattack on the U.S. medical tech company Stryker.
“While the FBI proudly seized our domains and immediately announced a $10 million reward for the heads of Handala hack members, we decided to respond to this ridiculous show in a way that will be remembered forever,” the group wrote on its website.
Iran is known to use proxy groups like Handala for its cyber operations. This practice makes it harder for targeted groups to officially link attacks to the Iranian government.
Experts have said that the Iranian government will probably use both harmful cyberattacks on important infrastructure and online influence operations to cause confusion and chaos during the war.
President Trump on Sunday threatened to ramp up operations against Iran’s energy infrastructure if the regime failed to reach an acceptable peace deal soon, though he also hinted that such a deal is in the offing.
“The United States of America is in serious discussions with A NEW, AND MORE REASONABLE, REGIME to end our Military Operations in Iran,” Trump wrote on his Truth Social platform.
“Great progress has been made but, if for any reason a deal is not shortly reached, which it probably will be, and if the Hormuz Strait is not immediately ‘Open for Business,’ we will conclude our lovely ‘stay’ in Iran by blowing up and completely obliterating all of their Electric Generating Plants, Oil Wells and Kharg Island (and possibly all desalinization plants!), which we have purposefully not yet ‘touched,’” he added.
“This will be in retribution for our many soldiers, and others, that Iran has butchered and killed over the old Regime’s 47 year ‘Reign of Terror,’” Trump concluded.
Secretary of State Marco Rubio, meanwhile, said on Friday that U.S. military operations in Iran are expected to conclude within weeks as objectives are being met ahead of schedule. He made the remarks following meetings with foreign ministers from the Group of Seven nations in France.
Rubio said the timeline aligns with earlier projections from President Donald Trump and administration officials, who indicated operations would last between four and seven weeks. “It’s a question of weeks, not months,” Rubio said when asked about the timeline.
The comments come as the Trump administration has reportedly presented a 15-point proposal aimed at ending the conflict. Special envoy Steve Witkoff said he is “hopeful” talks could take place soon and that the proposal could resolve the war.
Trump said Friday he has paused a potential strike on Iranian power infrastructure to allow space for negotiations. “Iran is being decimated,” Trump said, adding, “We are talking now. They want to make a deal.”
The conflict, which began on Feb. 28 with joint U.S. and Israeli operations, has resulted in the deaths of several senior Iranian leaders.
Rubio said the U.S. has also deployed additional forces to the region to provide military options as the situation develops.