Iranian government's cyber warfare gets personal

Illustration: Sarah Grillo/Axios
Iranian hackers are now taking their psychological warfare tactics directly to government officials and employees at major companies.
Why it matters: Even unproven threats from Iranian hackers can create fear, uncertainty and doubt — draining attention and forcing targets to divert time and resources from their own operations.
Driving the news: In the last week, Iran-linked hackers paired two data leaks with intimidation tactics aimed at individuals.
- Handala Hack Team — a pro-Iran hacktivist group linked to Iran's intelligence services — leaked a trove of emails on Friday purportedly from FBI Director Kash Patel's personal Gmail.
- The group also released data earlier last week allegedly tied to U.S.- and Israel-based Lockheed Martin employees and claimed it had called workers to share personal details about their families, children and current locations.
Yes, but: The Lockheed Martin claims remain unverified.
- A separate pro-Iran group previously claimed it had breached the defense contractor. A Lockheed Martin spokesperson told Axios at the time the company was "aware of the reports" and "remains confident in the integrity of our robust, multi-layered information systems and data security."
- A Wired reporter found that many of the phone numbers tied to Israel-based Lockheed Martin employees weren't working.
Threat level: Targeting individuals, rather than corporate networks, marks a more aggressive and intimidating turn in Iran's cyber playbook, aimed at eroding trust and shaping public perception during the current conflict.
- The initial cache of Patel's stolen emails dates between 2010 and 2019 and includes only seemingly innocuous items like travel receipts and family and vacation photos, according to an Axios review of the documents.
- But digital sleuths have already used those crumbs — including just his Gmail address — to map parts of his online life, surfacing old Google reviews and other accounts.
Between the lines: Even recycled or low-value data can force costly investigations and response efforts. And that tactic doesn't require new hacks to be effective.
- The campaigns can also pressure key supporters of the U.S. and Israel to reconsider their backing if the threats escalate, Jake Williams, an IANS faculty member and a former NSA hacker, told Axios.
- "Part of it has to be that it's consuming resources," Williams said. "A month from now, I can leak exactly the same emails, claim they're brand new and consume hundreds of person hours at the FBI."
The intrigue: Earlier this month, the U.S. government accused Iran's Ministry of Intelligence and Security of operating Handala, which also claimed responsibility for a cyberattack on U.S. medical tech giant Stryker.
- The Iranian government also breached Patel's communications in late 2024, according to CNN.
What to watch: Whether Handala releases more recent emails — and whether similar tactics spread to other officials or defense industry employees.
