Iran-Linked Hackers Target Kash Patel Email, Post $50M Bounty Threat on Trump, Netanyahu


Western analysts have linked a cyber group tied to an Iranian intelligence agency to the intrusion into the personal email account of FBI Director Kash Patel. The group also published an online message mentioning a $50 million bounty on President Donald Trump and Israeli PM Benjamin Netanyahu.

The hackers identified themselves as the Handala Hack Team and claimed to have obtained emails, photos and documents from Patel's personal Gmail account. Part of the content was posted online, along with statements that the intrusion was in retaliation for U.S. actions against Iranian cyber activities.

U.S. officials confirmed to Reuters that Patel's personal account was compromised, but said no federal government systems were hacked. The FBI has stated that malicious actors compromised the personal email account of Director Kash Patel and that it has taken measures to mitigate security risks. "The FBI is aware of malicious actors targeting Director Patel's personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity. The information in question is historical in nature and involves no government information," it said.

Authorities are still investigating the extent and legitimacy of the leaked material.

FBI investigation and U.S. response to the cyberattack

The issue rapidly drew attention within the U.S. national security community, since Patel heads the FBI, the most effective domestic law enforcement and domestic intelligence agency.

The hackers leaked a limited number of emails and personal photos, which appeared to date from years before Patel took office as director of the FBI. Reporting based on the leaked files showed that many of the messages related to personal travel or business matters rather than government communications.

The FBI has not publicly described the technical means by which the account was breached. The attack came at a time of increased cyber tension between Washington and Tehran.

Officials in the U.S. Department of Justice confirmed that investigators were examining how the account was compromised and whether any sensitive information was exposed.

Previously, in March, the U.S. Department of Justice announced that it had seized a number of domains reportedly operated by Iran's Ministry of Intelligence and Security (MOIS) to carry out cyber operations and propaganda against Western countries.

Soon after the Patel breach was revealed, the U.S. State Department's Rewards for Justice program, which pays for information about threats to national security, offered up to $10 million for information identifying members of the Handala group.


The Handala Hack Team and the $50 million threat message

The hackers escalated the incident by posting another online message mentioning a $50 million bounty on Trump and Netanyahu. Security-industry analysts said such statements are frequently intended as a form of psychological operation to gain attention and amplify political messages, not to establish a real payment system.

The group is named after Handala, a political symbol of Palestinian activism. Western cybersecurity researchers track the organization under various names, such as Void Manticore, Red Sandstorm and Banished Kitten.

Analysts confirm that the group has repeatedly conducted hack-and-leak operations intended to embarrass or pressure political targets, as opposed to complex espionage operations.

The U.S. Department of Justice previously characterised Handala as a fictitious online identity used to hide cyber activity affiliated with Iran's intelligence services.

Rising cyber pressure around geopolitical conflicts

Such cyberattacks usually involve data leaks, propaganda statements and online threats meant to make news and build political pressure, an approach also known as the "Attention-Grabbing" method.

Handala has previously claimed to have carried out cyberattacks on Israeli institutions and a large American medical technology firm, which security experts indicated were likely retaliation related to the Middle East conflict. Investigators have yet to establish whether the hackers gained access to other, unpublished information from Patel's email.
