Iran-Linked Hackers Publish 300+ Stolen Emails from FBI Director Kash Patel's Personal Account

A pro-Iranian hacking group published more than 300 emails allegedly stolen from FBI Director Kash Patel's personal Gmail account on Friday, the latest cyberattack tied to Iranian intelligence operations amid the ongoing 27-day war between the United States, Israel, and Iran. The group, known as Handala and described by cybersecurity researchers as a front for Iran's Ministry of Intelligence and Security, released the cache of emails and several unpublished photographs in what experts characterized as a strategic information operation timed to coincide with the conflict.

The FBI confirmed the breach in a brief statement Friday, asserting that "the information in question is historical in nature and involves no government information." An initial review of the released emails supports that characterization. The majority of the messages date to the period between 2010 and 2012, and include family correspondence, travel arrangements, and personal photographs. The most recent item in the cache is a 2022 plane ticket receipt. Cybersecurity experts reviewing the material noted that metadata in the emails indicates the account was compromised before the current Iran-Israel-U.S. conflict began in late February 2026, suggesting Tehran obtained the data months earlier and held it in reserve for strategic release at a moment of maximum political impact.

Patel, who was confirmed as FBI Director before Trump's second inauguration, had been warned by U.S. officials in late 2024 that Iranian operatives had targeted him as part of a broader campaign to harass and intimidate figures associated with the incoming Trump administration. That warning came during the transition period after Iran's Quds Force was linked to an assassination plot against Patel and other Trump associates. U.S. officials have long accused Iran of mounting aggressive cyber and influence operations against American officials, particularly those involved in counterterrorism and Iran policy, and the Handala group is believed to operate under direct direction from Tehran.

Handala has been active since at least 2023, when it claimed responsibility for cyberattacks on Israeli infrastructure following the October 7 Hamas attacks. Cybersecurity firms including CrowdStrike have assessed the group to be a state-linked Iranian operation, using a range of intrusion techniques including spear-phishing and credential theft. Publishing the Patel material on Day 27 of the war follows a pattern of Iranian information operations designed to embarrass U.S. officials and undermine domestic support for the conflict. Earlier releases by Handala have targeted Israeli defense officials and Gulf state business leaders.

The FBI said it has "taken all necessary steps to mitigate potential risks" following the breach. The State Department, which maintains an active reward program for information on Iranian cyber operatives, offers up to $10 million for information leading to the identification or location of hackers who target U.S. critical infrastructure. Cybersecurity analysts noted that the limited sensitivity of the published material — primarily personal emails from more than a decade ago — may limit its immediate impact. However, analysts warned that Iran likely holds additional cached data from other officials for future release at strategically chosen moments, using the war as an accelerant for a broader information campaign. The incident underscores how thoroughly the Iran conflict has extended beyond kinetic military operations into the digital domain, with American officials' personal accounts now actively weaponized as instruments of foreign policy.