FBI confirms hackers targeted Director Kash Patel’s personal emails

The FBI on Friday confirmed that hackers targeted the personal emails of Director Kash Patel, hours after an Iranian government-linked hacking group posted documents and images online, claiming to have stolen them from Patel.

In a statement, the FBI confirmed the agency was “aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity.”

“The information in question is historical in nature and involves no government information,” the FBI added. The statement did not include details on who was behind the attack. “The FBI will continue to pursue the actors responsible, support victims, and share actionable intelligence in defense of networks,” it said.

Earlier in the day, Iran-linked hacking group Handala claimed to have hacked Patel’s email and published several pictures of the director, including one showing him brandishing a cigar and another that appears to be his personal resume. Most emails are dated between 2012 and 2014, though there is at least one from 2022, according to files posted by Handala on Telegram and reviewed by POLITICO.

In a post on Thursday, also reviewed by POLITICO, Handala claimed to have breached an FBI network, but did not provide details on what information may have been accessed.

Handala has recently been linked to a high-profile cyberattack against a U.S. company. Last week, the DOJ said the group was responsible for a hack of Michigan-based medical device manufacturer Stryker, which wiped roughly 200,000 devices and exfiltrated large amounts of data from the company.

The hacker collective also claimed this week to have stolen the names and other details of two dozen employees of U.S. defense contractor Lockheed Martin. Jalen Drummond, vice president of corporate affairs and international communications at Lockheed Martin, said in a statement on Thursday night that “there is no evidence indicating an impact to Lockheed Martin systems, operations or data at this time.”

The Justice Department has tied Handala hackers to Iran’s Ministry of State Security and offered a $10 million bounty for any information about them.

One DOJ official, granted anonymity because they were not authorized to speak publicly about the apparent breach, said the material posted about Patel by the group appears credible. Spokespeople for the DOJ did not immediately respond to a request for comment.

The targeting of Patel’s emails indicates that Iranian hackers are likely still seeking to disrupt the U.S. and its allies as the Iran war stretches into its second month, despite efforts to limit these capabilities. The Israeli Defense Forces said early this month that they struck Iran’s cyber warfare headquarters and intelligence directorate.

It also marks the second cyber intrusion aimed at the FBI and its leaders in recent weeks.

Earlier this month, senior FBI officials informed Congress that a surveillance system used in law enforcement investigations was compromised by unspecified hackers. Two senior Trump administration officials, granted anonymity to discuss details of the hack that have not yet been made public, confirmed to POLITICO that China is suspected to be behind the breach.