Iran-linked threat actors operating under the Handala Hack persona breached FBI director Kash Patel’s personal email and published historical photos and documents online. The group, assessed as tied to Iran’s MOIS and known for destructive wiper operations including the Stryker attack, leverages compromised VPNs, Microsoft Intune abuse, RDP lateral movement, Telegram C2, and wiper families to carry out disruptive campaigns. #HandalaHack #Stryker
Key points
- Handala Hack breached Kash Patel’s personal email and leaked historical messages and photos.
- Security firms assess Handala as an MOIS-linked persona that also operates as Banished Kitten, Cobalt Mystique, Red Sandstorm, Void Manticore, and Homeland Justice.
- The group commonly gains initial access via compromised VPN credentials, then abuses Intune, RDP, and admin tools to spread and deploy wipers.
- Handala conducted a destructive wiper attack against Stryker (first confirmed Fortune 500 wiper incident), which the company says was contained to its Microsoft environment.
- The U.S. seized multiple Handala-linked domains, offered a $10 million reward, and Microsoft/CISA have issued guidance to harden Intune and Windows defenses.
Read More: https://thehackernews.com/2026/03/iran-linked-hackers-breach-fbi.html