A hacking group backed by the Iranian government, known as Handala, announced on Friday that it breached the personal email account of FBI director Kash Patel. In a post on its website, the group shared several pictures of a younger Patel and provided a link to a cache of files that appear to originate from his personal Gmail account.
TechCrunch confirmed the authenticity of at least some of the leaked emails from Patel’s alleged Gmail account. This verification was done by examining the message headers, which contain information that helps confirm an email is genuine and not forged. Using a tool to check several emails from the leaked cache, TechCrunch found cryptographic signatures that matched the messages, strongly indicating they are authentic. In some instances, Patel appears to have sent emails from his official FBI email address to his personal Gmail account. Those emails from his FBI account also appeared to be genuine.
The FBI and Justice Department did not immediately respond to a request for comment. Reuters, which first reported the email leaks, stated that a Justice Department official confirmed the breach.
TechCrunch attempted to contact Kash Patel for confirmation by sending messages to the Gmail address revealed by the hackers and texting a cellphone number found in a resume allegedly belonging to him. There was no immediate response.
Since the U.S.-Israeli war against Iran began in February, the Iran-linked Handala group has increased its hacking activity. The group notably claimed responsibility for a destructive attack against medical technology giant Stryker, which wiped tens of thousands of employee devices. The hackers have also published the personal details of several individuals allegedly part of the Israeli Defense Forces and local defense contractors.
Following the Stryker hack, the FBI seized a number of Handala’s websites, though the group quickly reestablished its presence on new domains. U.S. prosecutors have formally accused Iran’s Ministry of Intelligence and Security of operating the Handala hacking group.
The hackers did not respond to TechCrunch’s request for comment, which was sent to a chat account publicized on their website and to an email address associated with the group that was published by the Justice Department.