On March 27, 2026, Handala — the Iran-linked hacktivist group assessed by Palo Alto Networks and the DOJ to be a persona operated by Iran's Ministry of Intelligence and Security (MOIS) — publicly claimed to have breached the personal Gmail account of FBI Director Kash Patel, publishing more than 300 stolen emails, photographs, and documents. The FBI confirmed the breach in a public statement, noting that "the information in question is historical in nature and involves no government information." The Department of State's Rewards for Justice program simultaneously announced a $10 million reward for information leading to identification of Handala members.
The published materials consisted primarily of personal correspondence, travel receipts, apartment search records, and family photos spanning roughly 2011 to 2022 — predating Patel's appointment to lead the FBI. No current operational or classified FBI information was contained in the dump. The FBI characterized the group's portrayal of a breach of "impenetrable FBI systems" as a distortion, clarifying that no government networks were accessed.
The attack was framed by Handala as direct retaliation for a March 19, 2026 DOJ and FBI operation that seized four internet domains affiliated with Handala and Iran's Ministry of Intelligence and Security, which the Justice Department characterized as infrastructure for "hack-and-leak" psychological operations and cyberattacks against U.S. government officials and Iranian dissidents abroad. In a Telegram post prior to the leak, Handala warned that "the FBI shouldn't have started a confrontation and conflict with us" and promised to release evidence of "the biggest security breach of the past decade."
This incident follows Handala's March 11 wiper attack on Stryker Corporation — the most operationally significant Iranian destructive cyberattack on U.S. infrastructure since Operation Epic Fury began — and represents an escalating pattern of Iranian cyber operations designed to target, embarrass, and degrade U.S. government institutions and law enforcement leadership as asymmetric leverage during the active military conflict.
// Source
📰 CNN Read Full Story →ThreatMap USA summarizes publicly available reports for informational purposes. See our disclaimer.
// Incident Details
| Incident Date | 2026-03-27 |
| County | District of Columbia |
| State | DC |
| Severity | High |
| Incident Type | Cyberattack, International |
| Published | April 5, 2026 |
| Source | CNN |