Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data

Iranian hackers claimed Friday to have compromised the personal data of FBI Director Kash Patel, and the bureau confirmed that it knew of the targeting of Patel’s personal email.

The government-connected hacking group, Handala, previously claimed credit for hacking medical device maker Stryker, a boast that threat researchers considered credible.

“All personal and confidential email of Kash Patel, including emails, conversations, documents, and even classified files, is now available for public download,” Handala — also known as Handala Hack — said.

The group said it did so in response to the FBI seizing its domains and the U.S. government offering a $10 million reward for information on members of the group.

The FBI noted that Handala frequently targets government officials, and disputed elements of Handala’s claims, such as its assertion that it had brought the FBI’s systems “to its knees,” when the activity involved Patel’s personal email rather than bureau systems.

“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” the FBI said in response to questions from CyberScoop. “The information in question is historical in nature and involves no government information.”

The activist group Distributed Denial of Secrets published what it said was Patel’s email cache.

The FBI pointed to the State Department’s reward program seeking information on members of Handala.

“Consistent with President Trump’s Cyber Strategy for America, the FBI will continue to pursue the actors responsible, support victims, and share actionable intelligence in defense of networks,” it said. “We encourage anyone who experiences a cyber breach, or has information related to malicious cyber activity, to contact their local FBI field office.”

The post Iranian hackers, Handala, claim to compromise FBI Director Kash Patel’s personal data appeared first on CyberScoop.

Officials offer $10M reward for information on IRGC-linked leader and close associate

The State Department is seeking help to locate a pair of hackers allegedly working for Shahid Shushtari, a malicious cyber unit operating under Iran’s Revolutionary Guard Corps Cyber-Electronic Command. Officials are offering a reward up to $10 million for information about Mohammad Bagher Shirinkar and Fatemeh Sedighian Kashi.

“Help us take the smile off their faces,” the State Department’s Rewards for Justice program posted in a bulletin about the reward on social media last week. 

Shahid Shushtari has targeted multiple critical infrastructure operations, causing financial damage and disruption to businesses and government agencies spanning the news, shipping, travel, energy, financial and telecom sectors in the United States, Europe and the Middle East, officials said. 

The pair are accused of working closely together to plan and conduct cyberattacks of interest to the Iranian government.

“Shahid Shushtari is the latest name for Emennet Pasargad which has undergone several front company renames over the last few years,” said Josh Atkins, tech leader of Middle East threat operations at Google Threat Intelligence Group, which tracks the group as UNC5866.

The unit, which is allegedly overseen by Shirinkar, was also previously known as Aria Sepehr Ayandehsazan, Ayandeh Sazan Sepehr Arya, Eeleyanet Gostar and Net Peygard Samavat Co.

Members of the unit allegedly targeted the U.S. presidential election with a multi-faceted campaign that got underway in August 2020, officials said. The unit has also conducted cyberespionage operations, including attacks that used a false-flag persona, the State Department said.

“Target industries are typically government but we’ve seen them target finance, healthcare, tech and generally anything of interest to the regime,” Atkins said. 

The Treasury Department previously sanctioned the unit, then known as Emennet Pasargad, and six of its members in late 2021 for the group’s efforts to influence the 2020 U.S. presidential election.

The group, which is also tracked as Cotton Sandstorm and Haywire Kitten, has been active since 2018 and exhibited new tradecraft in preparation for future influence operations in 2023, the FBI, Treasury Department and Israel National Cyber Directorate said in a joint cybersecurity advisory in late 2024. 

“Operational tempo from UNC5866 is consistent with the last few years. They’ve been active in both phishing and malware delivery operations at a fairly consistent pace since 2020,” Atkins said.

“There are several groups like this,” he added. “The Iranian regime operates a number of contractors and while we believe that some elements of the regime operate under priorities with a longer horizon, IRGC and its contractors tend to be more reactive in nature, demonstrated by their rapidly evolving tradecraft.”

The post Officials offer $10M reward for information on IRGC-linked leader and close associate appeared first on CyberScoop.