Iranian-backed cyber attackers infiltrate the personal email accounts of FBI Director Kash Patel.

The FBI has confirmed that the personal email account of Director Kash Patel has been hacked by a group linked to Iran.

The group, known as the Handala Hack Team, posted Patel’s alleged resume and photos of him on their website Friday, accompanied by a message saying, "This is just our beginning."

The FBI acknowledged awareness of "malicious actors" targeting Patel's email, clarifying that the information exposed was "historical" and did not contain any government-related material.

The agency is offering a reward of up to $10 million for information leading to the identification of Handala group members.

Reports indicate that Iranian-backed hackers breached Patel's private emails back in 2024, weeks before his FBI appointment. It's unclear whether this recent breach by the Handala group is related to that earlier attack.

Photos purportedly taken from Patel’s hacked email are circulating on social media with the group's logo as a watermark. The images show Patel at various unknown locations, including by a vintage convertible, next to a jet, smoking cigars, taking selfies with alcohol, and posing in what seem to be restaurants or hotels.

Kaiser, a former FBI official, suggested that the photos seem dated, hinting the breach might be from an earlier attack and resurfaced now.

In a statement, the Handala group claimed they breached the FBI’s supposedly "impenetrable" systems within hours, mocking the US government's cybersecurity claims. "Is this the cyber giant that believes threats and bribes can silence resistance?" they said.

Experts explain that hacking personal accounts doesn't require the same level of sophistication as attacking government systems, making them a prime target for hackers. Dave Schroeder, a cybersecurity expert, noted that personal accounts lack the rigorous protection systems of government networks, making them attractive to groups like Handala.

Handala has previously targeted high-profile individuals and organizations. Last week, the US Justice Department seized several Handala-associated domains linked to hacking campaigns by Iran’s Ministry of Intelligence and Security (MOIS). These domains were used to spread propaganda, claim credit for hacks, and issue violent threats against journalists and dissidents.

Handala stated the breach of Patel’s email was retaliation for the FBI’s actions against their websites and the $10 million reward for information on similar attacks.

In March, Handala also claimed responsibility for a cyberattack on the US medical tech firm Stryker, where they defaced employee logins with a message about a "wiper" attack. The group claimed to have wiped over 200,000 systems and extracted 50 terabytes of data. They stated the attack was in response to the deadly attack on an Iranian girls' school during the war and ongoing cyber strikes against Iran and its allies.