FBI Warns Iran-Linked Hackers Won't Stop Despite Ceasefire -- And Kash Patel's Already Been Hit

The ink barely dried on the fragile U.S.-Iran ceasefire before pro-Iranian hacking networks made one thing clear: they're not done with America. And federal cybersecurity agencies just issued an urgent warning that hackers have already infiltrated the industrial control systems that run our power plants, water facilities, and ports.

The timing couldn't be more awkward for FBI Director Kash Patel, Trump's loyalty-appointed director who's spent more time purging career agents than securing critical infrastructure. One of the leading pro-Iranian groups, Handala, claims it already hacked Patel's personal email account and leaked old photos of him as proof. Nothing says "law enforcement credibility" like getting owned by the same hackers you're supposed to be stopping.

The Ceasefire That Isn't

Handala announced it would temporarily pause attacks on U.S. targets while continuing to hit Israel -- but promised to resume American operations "when the time was right." Translation: they're regrouping, not retreating.

"We did not begin this war, but we will be the ones to finish it," the group posted on X. "And let it be clear: The cyber war did not begin with the military conflict, and it will not end with any military ceasefire."

That's not bluster. Handala has already disrupted operations at Stryker, a major Michigan-based medical equipment manufacturer, claiming the attack was retaliation for strikes that killed Iranian schoolchildren. The FBI responded by seizing four web addresses the group used to spread its message. Handala's answer? Leak Patel's emails.

Critical Infrastructure Already Compromised

On Tuesday, the FBI, National Security Agency, and Cybersecurity and Infrastructure Security Agency issued a joint advisory warning that Iranian-backed hackers have burrowed into programmable logic controllers -- the internet-connected computers that automate technology across industrial sectors. These systems control everything from electrical grids to water treatment plants to shipping ports.

The advisory urged organizations using this technology to update their security immediately. CISA didn't respond to questions about whether the ceasefire changes the threat level. Spoiler: it doesn't.

Cybersecurity experts say potential targets should assume the danger is increasing, not decreasing. Markus Mueller, a cybersecurity executive at Nozomi Networks, predicts hackers will use the lull in regional hostilities to pivot toward American organizations that supported the war effort -- data centers, tech companies, defense contractors.

"With a ceasefire, we will likely see an expansion of cyber activity both in scale and scope," Mueller said. He warned that Iranian or Russian-based groups might try to execute a high-profile attack designed to grab American headlines and demonstrate continued vulnerability despite U.S. military advantages.

Low Impact, High Volume -- For Now

So far, attacks attributed to pro-Iranian hackers have been more about morale-boosting and messaging than catastrophic damage. But the infrastructure is there for something worse.

Beyond Handala, other pro-Iranian networks have installed malware on Israeli phones, penetrated security cameras across the Middle East to improve Iran's missile targeting, and targeted data centers and industrial facilities in Israel, Saudi Arabia, and Kuwait.

The pattern is clear: these groups operate independently of Tehran but align with Iranian interests. They're persistent, they're motivated, and they're not constrained by diplomatic agreements their government didn't sign.

Patel's Priorities

While Iranian hackers probe America's critical infrastructure and leak his personal emails, Kash Patel has been busy with Trump's real priority: loyalty purges. Career FBI agents who investigated Trump's classified documents hoarding or his election interference schemes have been sidelined or pushed out. Patel's job isn't to protect Americans from foreign threats -- it's to protect Trump from accountability.

The result? An FBI director who can't secure his own email warning the public about cybersecurity threats. The irony would be funny if the stakes weren't so high.

The ceasefire between the U.S., Iran, and Israel is already fraying over disputes about who won what. But the cyber war never stopped -- and with Trump's hand-picked loyalist running the FBI, America's defenses look shakier than the truce itself.