Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s
Recorded: March 28, 2026, 4:03 a.m.
| Original | Summarized |
Security News This Week: Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s

Andy Greenberg, Dell Cameron, Lily Hay Newman, Andrew Couts
Security, Mar 27, 2026 3:45 PM

Plus: Apple makes big claims about the effectiveness of its Lockdown Mode anti-spyware feature, Russia moves to implement homegrown encryption for 5G, and more.

As the United States-Israel war with Iran barrels into its second month, President Donald Trump is reportedly plotting a potential mission to send US special forces into the country to take Tehran’s enriched uranium. Experts WIRED spoke to say such a plan would be extremely risky, likely putting the lives of troops in peril with a low chance of success.

Since the war with Iran started at the end of February, a mysterious radio station has been broadcasting seemingly random numbers in Persian. It’s unclear who is running the so-called number station, or who its intended audience is.
But many speculate that it’s an intelligence operation using cipher technology that dates back more than a century.

In addition to the conflict with Iran, WIRED explored combat from many angles with our War Machine package of coverage, including the saga of one teenager who went missing amid the destruction of Gaza, the Kafkaesque challenges Palestinians face when they’re unable to get a death certificate for a loved one, a family forced into hiding over fears of US immigration agents, a peek inside the challenges at Anduril as it attempts to disrupt the defense industry, and more.

Beyond the many battles, WIRED revealed how one small New Hampshire town is having its police department’s salaries and other costs covered by Immigration and Customs Enforcement. Nearly a thousand other police departments around the US appear to be doing the same thing.

Think using a VPN gives you more privacy? Think again. A letter from US lawmakers this week questioned director of national security Tulsi Gabbard over whether US surveillance authorities allow the National Security Agency to target people who use a VPN. Due to the ways in which US law allows the targeting of people outside the US, it may not even matter if the VPN you use connects to servers overseas.

Also this week, WIRED published an excerpt from author Andrew Guthrie Ferguson’s new book, Your Data Will Be Used Against You, about the ways in which fitness trackers and biometric surveillance are further degrading your right to privacy.

Finally, the United Kingdom imposed sanctions against Xinbi Guarantee, a black market that researchers estimate has facilitated $20 billion in illicit sales. Xinbi, like other markets linked to the global scamming industry, operated on Telegram, where it managed to evade previous bans. It’s unclear whether the new sanctions will negatively impact its business in the long run.

That’s not all! Each week we round up the security and privacy news we didn’t cover in depth ourselves.
Click the headlines (except the one that has no link) to read the full story. And stay safe out there.

Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s

The Iranian hacker group Handala—perhaps the most public and chaotic face of Iran’s efforts at cyber retaliation in the midst of the US and Israeli war against the country—today announced it had hacked an email account belonging to FBI director Kash Patel. “The so-called ‘impenetrable’ systems of the FBI were brought to their knees within hours by our team,” the group wrote in a statement on its website.

The first of those claims appears to be true: A collection of emails posted to the hackers’ site and labeled with the name of Patel’s apparent Gmail address appears to contain years of Patel’s messages and photos, from hotel reservations and business deals to photos of his travels and his family, mostly dated from 2010 to 2019. A Justice Department official confirmed to Reuters that Patel’s email had been breached, and that the leaked emails appeared to be real.

Handala’s second claim, however—that it hacked the FBI—seems, for now, to be fiction. All evidence points to Handala having breached Patel’s older, personal Gmail account. Widely believed to be a “hacktivist” front for Iran’s intelligence agency the MOIS, Handala suggested on its website that the emails contained classified information, but the messages initially reviewed by WIRED didn’t appear to be related to any government work. TechCrunch did find, however, that Patel appears to have forwarded some emails from his Justice Department email account to his Gmail account in 2014.

Handala, which cybersecurity experts have described to WIRED as an “opportunistic” hacker group whose cyberattacks and breaches are often calculated more for their propaganda value than their tactical impacts, has nonetheless made the most of Patel’s embarrassing breach.
“To the whole world, we declare: the FBI is just a name, and behind this name, there is no real security,” the group wrote in its statement. “If your director can be compromised this easily, what do you expect from your lower-level employees?”

Handala Hackers Put $50 Million Bounty on Trump and Netanyahu’s Heads

For further evidence of Handala’s bombastic rhetoric, look no further than another post on its website earlier this week (we’re intentionally not linking to it) that offered a $50 million bounty to anyone who could “eliminate” US president Donald Trump and Israeli prime minister Benjamin Netanyahu. “This substantial prize will be awarded, directly and securely, to any individual or group bold enough to show true action against tyranny,” the hackers’ statement read, along with an invitation to any would-be assassins to reach out via the encrypted messaging app Session. “All our communication and payment channels utilize the latest encryption and anonymization technologies, your safety and confidentiality are fully guaranteed.”

That bounty, Handala explained, was posted in answer to a statement about Handala published on the US Department of Justice website last week that offered $10 million for information leading to the identity or location of anyone who carries out “malicious cyber activities against US critical infrastructure” on behalf of a foreign government.

“Our message is clear: If you truly have the will and the power, come and find us!” Handala wrote in its response. “We fear no challenge and are prepared to respond to every attack with even greater force.”

In yet another post on its website this week, Handala also claimed to have doxed 28 engineers at military contractor Lockheed Martin working in Israel and threatened them with personal harm if they didn’t leave the country within 48 hours.
When WIRED tried calling the phone numbers included in Handala’s leaked data, however, most of them didn’t work.

4 Years in, Apple’s Pegasus-Killer Remains Undefeated, Company Says

Apple says no device with its Lockdown Mode security feature enabled has ever been successfully compromised by mercenary spyware in the nearly four years since its launch. Amnesty International’s security lab head, Donncha Ó Cearbhaill, also says his team has seen no evidence of a successful attack against a Lockdown Mode–enabled iPhone. And Citizen Lab, which has documented several successful spyware attacks against iPhones, says none involve a Lockdown Mode bypass, while in two cases its researchers found the feature actively blocked attacks against NSO Group’s Pegasus and Intellexa’s Predator. Google researchers, meanwhile, found one spyware strain that simply abandons infection attempts when it detects the feature is enabled.

Lockdown Mode works by disabling commonly exploited iPhone features, such as most message attachment types and features like links and link previews. Incoming FaceTime calls are blocked unless the user has previously called that person within the past 30 days. When the iPhone is locked, it blocks connections with computers and accessories. The device will not automatically join nonsecure Wi-Fi networks, and 2G and 3G support is disabled. Apple has also doubled bounties for researchers who detect any Lockdown Mode bypass, with payouts up to $2 million.

Security researcher Patrick Wardle tells TechCrunch that Lockdown Mode is the most aggressive consumer-facing hardening feature ever shipped, noting that it eliminates entire exploit classes instead of patching individual flaws. Apple has reportedly sent spyware notifications to users in 150 countries.
While it remains possible a bypass has gone undetected, Amnesty and Citizen Lab backing up Apple’s claims is a strong sign the feature is working as intended.

Russia Is Planning to Use Its Own Encryption for 5G

A proposed Russian law currently moving through the country’s legislative process would require that telecoms implement an encryption algorithm developed in Russia for all domestic 5G mobile networks. If the bill succeeds, all 5G mobile devices sold in Russia would need to support the homegrown encryption, known as NEA-7, to be able to connect to 5G. The bill includes a provision to phase out support for foreign algorithms by 2032—including the US’s AES, China’s ZUC, and the EU’s SNOW. The law seems focused, at least in part, on making it harder for Ukrainian drones (or those of other enemies) to use Russian SIM cards to aid infrastructure targeting. It also fits into the Kremlin’s years-long effort to isolate and exert control over the Russian internet. If passed, though, the law could severely hinder 5G expansion in Russia given that there currently isn’t cell tower equipment that supports NEA-7.

33 Data Brokers Admitted They Sell Americans’ Data to China, Russia, and Iran

The California Privacy Protection Agency updated its data broker registry on Tuesday with a concerning revelation: At least 33 data brokers self-reported selling or sharing Californians’ personal information with entities in China, Russia, North Korea, or Iran—the four nations California’s data broker law treats as foreign adversaries. (The registry doesn’t distinguish between sales to those nations’ governments and sales to private companies headquartered or incorporated there.)

The registry is significant even for users throughout the US, as California is the only state that statutorily requires this disclosure.
China, Russia, North Korea, and Iran all have legal frameworks that can compel domestic companies to share data with state intelligence services, and all are active cyber adversaries of the United States. The US government considers even routine commercial data sales to private entities in those jurisdictions to be a national security risk.

Named companies include Cision, CoStar, Epsilon, HubSpot, Healthcare Inc., and Moody's, among others. Some of the 33 brokers have since claimed they incorrectly declared their own sales to entities in those countries on their filings, but as the Electronic Privacy Information Center noted, the reporting errors could cut both ways: If some brokers overstated their foreign sales, others may have understated theirs.
|
The Iranian hacker group Handala, often characterized as a chaotic and opportunistic front for Iran’s Ministry of Intelligence and Security (MOIS), announced a breach of email accounts belonging to Kash Patel, a former senior US Department of Defense official. This action occurred amidst the ongoing US-Israel conflict with Iran. Handala claimed to have breached Patel’s older, personal Gmail account, containing years of emails and photos dating back to 2010-2019, including those forwarded from his Justice Department email. Despite the group's assertions about containing classified information, initial reviews by WIRED found no immediate evidence of government-related content within the leaked emails. Handala’s actions have been described by cybersecurity experts as driven primarily by propaganda value rather than strategic impact. Notably, Handala subsequently offered a $50 million bounty for the elimination of US President Donald Trump and Israeli Prime Minister Benjamin Netanyahu, facilitated through encrypted messaging and anonymization technologies. This escalation further underscored Handala's provocative rhetoric and willingness to engage in confrontational cyber operations. Furthermore, the group boasted of “doxing” 28 Lockheed Martin engineers in Israel, threatening their personal safety within 48 hours. However, attempts to contact the provided phone numbers yielded no results, suggesting a deliberately misleading tactic. Alongside these attacks, WIRED explored the broader context of the conflict, including the mysterious broadcast of seemingly random numbers from a so-called “number station,” potentially an intelligence operation. The publication also investigated the Kafkaesque challenges faced by Palestinians seeking death certificates, a family’s forced hiding due to immigration fears, and the difficulties experienced by Anduril as it attempts to disrupt the defense industry. 
The report also highlighted a unique arrangement in the New Hampshire town of Berlin, where the police department’s salaries and associated costs are covered by Immigration and Customs Enforcement. Beyond the immediate conflict, WIRED investigated Apple’s efforts to combat spyware with its Lockdown Mode security feature, which has demonstrated effectiveness in preventing attacks, as documented by Amnesty International and Citizen Lab. Additionally, the UK imposed sanctions against Xinbi Guarantee, a black market operating on Telegram and facilitating approximately $20 billion in illicit sales. Finally, the piece reviewed the growing trend of governments employing VPNs and the potential for surveillance targeting of VPN users, along with an excerpt from Andrew Guthrie Ferguson's book, "Your Data Will Be Used Against You," examining the impact of biometric surveillance and fitness trackers on privacy. |