By MES Dispatch Staff
The Briefing
- An Iran-linked hacking group known as Handala has publicly claimed it breached FBI-operated first-person view drones and accessed data — including images and information tied to facial recognition and license plate readers — gathered during counterterrorism operations, according to threat intelligence firm SITE Intelligence Group.
- In a statement reported by SITE, Handala issued a direct threat referencing World Cup team buses and drone surveillance, coinciding with the opening of the 2026 FIFA World Cup on June 11.
- SITE Intelligence Group urged caution about the breach claim, noting that at least one video presented by Handala as evidence appeared to be unrelated footage from 2024 showing drone software used by a U.S. police department following tornado damage.
- The FBI has publicly confirmed drones will be deployed as part of security operations around World Cup stadiums; the bureau has also established no-drone zones over host venues and fan events.
- Handala has previously claimed responsibility for breaching FBI Director Kash Patel’s personal email account in March 2026; the U.S. State Department is offering up to $10 million for information that helps identify the group’s members.
WASHINGTON, D.C. — An Iran-linked hacking group known as Handala claimed Thursday it had obtained access for months to data collected by FBI-operated first-person view drones, including images and information linked to facial recognition and license plate reader technology — a claim that arrived one day after the 2026 FIFA World Cup opened and that included a direct threat referencing tournament security, according to the SITE Intelligence Group, which monitors extremist and threat actor communications.
In a statement reported by SITE, Handala warned that World Cup security should be tightened and made a specific reference to team buses and drone surveillance, suggesting awareness of — or intent to target — event security infrastructure. The FBI has publicly acknowledged it will deploy drones in support of security operations around World Cup venues, and has established temporary flight restrictions designating no-drone zones above stadiums and fan events for the duration of the tournament.
SITE Intelligence Group did not independently verify the breach and urged caution in accepting Handala’s claims at face value. The monitoring organization said at least one video the group presented as supporting evidence appeared to be footage from 2024, unrelated to FBI operations, depicting drone software in use by a U.S. law enforcement agency following tornado damage. Whether any actual FBI drone systems or data were compromised has not been confirmed by the bureau or the Department of Justice. The FBI did not issue a public statement in direct response to the claim as of the time of publication.
The incident is consistent with a pattern of publicly announced operations by Handala that has drawn increasing attention from U.S. authorities. In March 2026, the group claimed to have accessed the personal email account of FBI Director Kash Patel and released personal material online. Federal officials have also cited the broader threat environment posed by Iranian-linked cyber actors, noting that the Justice Department previously warned of potential retaliatory targeting of U.S. interests following U.S. and Israeli military strikes on Tehran earlier this year. The State Department has offered a reward of up to $10 million for information that leads to the identification of Handala’s members. The FBI’s investigation into the group’s activities and the validity of Thursday’s claim are ongoing.