
Iranian Hackers Leak FBI Director’s Personal Emails

The new FBI chief’s private inbox wasn’t on a government server — it was on whatever email service he used in 2010. Iran’s Handala Hack Team turned that decade-old account into a geopolitical trophy.

Iran’s hackers didn’t breach the FBI’s servers — they just logged into Kash Patel’s personal inbox and leaked his 2010 vacation photos.

The Handala Hack Team, assessed by researchers to be a cut-out for Iran’s Ministry of Intelligence and Security (MOIS), posted a cache of Patel’s personal emails and photos after compromising the account. The leaked material spans 2010 and 2019, long before Patel became FBI director.

The FBI confirmed the compromise in a statement to Reuters, saying the data is “historical in nature and involves no government information.” The bureau added it has taken steps to “mitigate potential risks associated with this activity.”

Handala Hack, tracked under overlapping names including Banished Kitten and Void Manticore, has spent the past two years wiping Albanian government systems, breaching a Fortune-500 medical-device maker, and now trolling Washington’s top cop.

The group’s latest stunt arrives days after the U.S. seized four MOIS domains the Justice Department says were used to post stolen data and death threats against Iranian dissidents and Israeli citizens.

According to Check Point, Handala’s go-to move is harvesting VPN credentials, then pivoting through RDP to drop twin wiper families — Handala Wiper and Handala PowerShell Wiper — via Group Policy logon scripts. Palo Alto Networks Unit 42 says the crew has shifted toward phishing Microsoft Intune admins and using stolen session tokens from info-stealer marketplaces.

Stryker, the medical-device giant, confirmed Handala wiped “thousands of employee devices” in a December attack confined to its internal Microsoft environment. The company says it dismantled the persistence tools and has restored service.

Flashpoint notes the group times its destructive campaigns to geopolitical flare-ups, preferring symbolic targets over financial gain. “Operations attributed to the persona frequently align with periods of heightened geopolitical tension,” the firm said.

Handala Hack has already re-emerged on new domains:

  • justicehomeland[.]org
  • handala-hack[.]to
  • karmabelow80[.]org
  • handala-redwanted[.]to

The group called the U.S. domain seizures “desperate attempts… to silence the voice of Handala.” The U.S. is offering $10 million for information on the group’s members.