FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers

securityweek.com · thunderbong · 11 days ago · view on HN · news
quality 9/10 · excellent
0 net
Tags
aws bug-bounty exploit facebook google malware
FBI Confirms Kash Patel Email Hack as US Offers $10M Reward for Hackers - SecurityWeek SECURITYWEEK NETWORK: Cybersecurity News Webcasts Virtual Events ICS: ICS Cybersecurity Conference Connect with us Hi, what are you looking for? The FBI has confirmed that threat actors have gained access to an email account belonging to FBI Director Kash Patel, but said no government information has been compromised. The Iran-linked hacker group Handala on Friday claimed to have hacked Patel’s email account , releasing files allegedly representing photos, emails, and classified documents taken from the FBI director’s inbox. “The so-called ‘impenetrable’ systems of the FBI were brought to their knees within hours by our team,” the hackers wrote. However, the account does not appear to be hosted on FBI systems; it is a personal Gmail account. In addition, the stolen information does not seem to be recent. It’s unclear when the account was hacked, but it may have been one of the many targeted by Iranian hackers back in 2024 as part of an operation targeting Donald Trump’s presidential campaign. In a statement to the media the FBI said it’s aware of “malicious actors targeting Director Patel’s personal email information,” noting that steps have been taken to mitigate potential risks. Advertisement. Scroll to continue reading. The agency also pointed out that the information stored in the hacked email account is “historical in nature and involves no government information”. The Handala group claims to be an anti-Israel and anti-US hacktivist group, but is widely believed to be a persona used by the Iranian government to conduct cyberattacks and information operations. The group recently caused significant disruptions to US medtech giant Stryker after hacking into its systems and wiping thousands of devices. However, some of their other claims are difficult to verify or seem exaggerated or false. Handala’s claims that it hacked Patel’s email account came shortly after the FBI announced the seizure of several domains used by the group, and the US government officially stated that Handala operates under the direction of Iran’s Ministry of Intelligence and Security (MOIS). The US has been offering up to $10 million for information on foreign hackers who target critical infrastructure, but on Friday the State Department specifically offered rewards for information on the Iranian threat groups Parsian Afzar Rayan Borna and Handala. Related : Iranian Hackers Target Defense and Government Officials in Ongoing Campaign Related : Impostor Uses AI to Impersonate Rubio and Contact Foreign and US Officials Related : Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Healthcare IT Platform CareCloud Probing Potential Data Breach European Commission Reports Cyber Intrusion and Data Theft CISA Flags Critical PTC Vulnerability That Had German Police Mobilized Alleged RedLine Malware Administrator Extradited to US Dell and HP Roll Out Quantum-Resistant Device Security Russian Cybercriminal Gets 2-Year Prison Sentence in US US Prisons Russian Access Broker for Aiding Ransomware Attacks HackerOne Employee Data Exposed in Massive Navia Breach Latest News Censys Raises $70 Million for Internet Intelligence Platform The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Stolen Logins Are Fueling Everything From Ransomware to Nation-State Cyberattacks Venom Stealer Raises Stakes With Continuous Credential Harvesting TeamPCP Moves From OSS to AWS Environments CrewAI Vulnerabilities Expose Devices to Hacking Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption Exploitation of Critical Fortinet FortiClient EMS Flaw Begins Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Securing Fragile OT in an Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move Moderna has promoted Farzan Karimi to Deputy Chief Information Security Officer. Brian Goldfarb has been appointed Chief Marketing Officer at SentinelOne. Token has appointed Katy Nelson as Chief Revenue Officer. More People On The Move Expert Insights The Next Cybersecurity Crisis Isn’t Breaches—It’s Data You Can’t Trust Data integrity shouldn’t be seen only through the prism of a technical concern but also as a leadership issue. (Steve Durbin) Why Agentic AI Systems Need Better Governance – Lessons from OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle with Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How to 10x Your Vulnerability Management Program in the Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose a Critical Flaw in Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Flipboard Reddit Whatsapp Whatsapp Email Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time. Close
← Back to stories