An Iranian government-backed hacking group called “Handala” said Friday it had breached FBI Director Kash Patel’s personal email account.
In a post on its website, Handala included several photos of a visibly younger Patel, as well as a link to a cache of files that appear to have come from Patel’s personal Gmail account.
“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate the potential risks associated with this activity,” an FBI spokesperson told TechCrunch. “The information in question is historical in nature and does not include government information.”
The FBI also said it was offering up to $10 million in rewards for information related to the Handala hackers.
TechCrunch confirmed that at least some of the leaked emails from Handala came from Patel’s purported Gmail account by verifying the information contained in the message headers. These message headers contain information from the sender that helps email delivery systems confirm that an email is authentic and not spoofed.
We used a tool to verify several emails in the cache of the leaked files sent by Patel from his Gmail account. These emails contained cryptographic signatures that matched the messages, which strongly suggests that the emails we checked are authentic. In some cases, Patel appears to have sent emails from his former Justice Department email address in 2014 to his Gmail account. TechCrunch found that emails sent from Patel’s DOJ account also appeared to be authentic.
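The article does not name the tool or the signature scheme used. The following is an added example, not TechCrunch's code, and it assumes the signatures are DKIM (RFC 6376). It checks only the body-hash half of DKIM (the `bh=` tag); verifying the `b=` signature additionally requires the signing domain's public key from DNS. All function names, the `example.com` domain and the sample message are constructed for illustration.

```python
import base64
import hashlib
import re
from email import message_from_bytes

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature value into tag=value pairs (RFC 6376, section 3.2)."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)  # drop folding whitespace
    return tags

def canonical_body(body: bytes, mode: str) -> bytes:
    """Apply 'simple' or 'relaxed' body canonicalization (RFC 6376, section 3.4)."""
    if mode == "relaxed":
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
        body = b"\r\n".join(lines)
    body = re.sub(rb"(\r\n)+\Z", b"", body)  # ignore empty lines at the end
    if body or mode == "simple":             # an empty 'relaxed' body stays empty
        body += b"\r\n"
    return body

def body_hash_ok(raw: bytes) -> bool:
    """True if the message body matches the bh= value in its DKIM-Signature header."""
    header = message_from_bytes(raw)["DKIM-Signature"]
    if header is None:
        raise ValueError("message has no DKIM-Signature header")
    tags = parse_tags(str(header))
    body = raw.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in raw else b""
    mode = tags.get("c", "simple/simple").partition("/")[2] or "simple"
    canon = canonical_body(body, mode)
    if "l" in tags:                      # l= means only the first l bytes are signed
        canon = canon[: int(tags["l"])]
    algo = tags["a"].rpartition("-")[2]  # "rsa-sha256" -> "sha256"
    digest = hashlib.new(algo, canon).digest()
    return base64.b64encode(digest).decode() == tags["bh"]

def make_sample(body: bytes) -> bytes:
    """Constructed test message: bh= is computed here, b= is only a placeholder."""
    bh = base64.b64encode(hashlib.sha256(canonical_body(body, "relaxed")).digest()).decode()
    head = ("From: sender@example.com\r\nSubject: constructed sample\r\n"
            "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
            f" s=sel1; h=from:subject; bh={bh};\r\n b=PLACEHOLDER\r\n")
    return head.encode() + b"\r\n" + body
```

A matching body hash alone does not authenticate a message: the `b=` signature over the headers, which include `bh=`, still has to verify against the key published by the domain in `d=`.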
The files in the leaked cache appear to date back to around 2019.
The Justice Department did not immediately respond to a request for comment.
Reuters, which first mentioned the leaked emails, said a Justice Department official confirmed the breach.
Contact us
Do you have more information about this alleged breach of Kash Patel? From a non-work device, Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or via email.
TechCrunch sent messages seeking confirmation to Patel’s Gmail email address exposed by the hackers, as well as a text message to a mobile phone number listed on a resume purportedly belonging to Patel. We didn’t hear back right away.
Since the US-Israeli war against Iran began in February, Iran-linked Handala has stepped up its intrusions, most notably claiming responsibility for a devastating attack against medical technology giant Stryker that wiped out tens of thousands of employee devices. The hackers have also published the personal information of several people who allegedly belong to the Israel Defense Forces and local defense contractors.
After the Stryker hack, the FBI seized a handful of Handala websites, which quickly came back online on new domains. US prosecutors have formally accused Iran’s Ministry of Intelligence and Security (MOIS) of operating the Handala group.
The hackers did not respond to TechCrunch’s request for comment sent to a chat account the hackers make public on their website, as well as an email address belonging to the group published by the Department of Justice.
Updated to include a statement from the FBI and corrected the fourth paragraph to note that the emails were sent from Patel’s DOJ email address, not the FBI email address. ZW.
