A hacking group linked to Iran, known as Handala, has claimed responsibility for breaching a foundation it alleges is a joint operation between the U.S. Central Intelligence Agency (CIA) and Israel's Mossad, disguised as a global charity.
According to a statement released by the group, the operation targeted what it called the PFAP Foundation. Handala extracted 639,000 classified documents including contracts, donor lists, secret meeting records, money transfer documents and internal emails.
The group stated that all sensitive information was immediately transferred to intelligence organizations affiliated with the Axis of Resistance. The claims remain unverified by independent sources. Handala has a history of cyberattacks targeting U.S. and Israeli entities, including the personal Gmail account of Federal Bureau of Investigation's (FBI) Director Kash Patel earlier this year.
Details of the Breach
Handala said the cyber operation compromised PFAP's systems over an unspecified period, resulting in the extraction of the documents. According to the group's statement, all recovered materials were immediately forwarded to intelligence agencies within the Axis of Resistance, a term often used to describe Iran, its allied militias and the Syrian government.
The group did not specify the duration of the breach or the technical methods used. Similar operations attributed to Iranian-linked hackers have targeted high-profile U.S. figures and institutions.
In March 2026, Handala infiltrated Patel's personal Gmail account, leaking private photos and documents dating back more than a decade, according to a report by NaturalNews.com [1]. Earlier that same month, Iranian-aligned hackers were reported to have planted secret backdoors in critical infrastructure organizations in the United States and Canada, including a bank, an airport and a defense software supplier [2].
Alleged Role of PFAP Foundation
Handala described PFAP as a non-profit foundation that functioned as an operational and covert arm for planning and executing espionage projects. The group claimed the foundation provided financial, logistical and intelligence support to Israel and helped expand intelligence networks for the CIA and Mossad.
According to the statement, PFAP was established jointly by the two agencies to serve as a front for covert operations. The hacker group asserted that the foundation collected funds from Western citizens under the guise of charitable causes and channeled them toward intelligence activities.
The allegations align with a broader pattern of state-sponsored cyber operations. As former CIA officer John Kiriakou noted in a February 2026 interview, "Today, the [U.S.] State Department is decidedly not an anti-war entity," highlighting the blurred lines between government agencies and covert actions [3].
The claims by Handala, while unverified, echo warnings from U.S. officials about Iran's growing cyber capabilities. The Department of Homeland Security has warned of heightened cyberattack risks from Iranian-backed groups following U.S. strikes on Iran's nuclear facilities [4].
Warning to Western Citizens
In its statement, Handala warned U.S. and European citizens that their taxes and wealth were being used to fund corruption and Zionist projects. The group said that money collected in Western countries under the slogan of protecting Jewish communities has instead gone to military and intelligence operations. It concluded that "no covert operations will remain hidden" and promised further disclosures.
The warning fits within a broader narrative of Iranian cyber operations aiming to expose perceived Western hypocrisy. In an interview, analyst Steve Quayle stated that "the U.S. has grossly underestimated Iran’s capabilities, much like it did with Russia during the Ukraine conflict" [5].
The Handala group has previously demonstrated a willingness to target high-profile individuals and institutions. This includes the campaign of U.S. President Donald Trump, which the FBI investigated after Microsoft reported that Iranian-linked hackers had gained access to a campaign website [6].
Conclusion
The allegations brought by Handala remain unsubstantiated by any independent third party. No government agency or cybersecurity firm has confirmed the breach or the authenticity of the documents. Handala has a documented track record of cyber operations against U.S. and Israeli targets, including the breach of Patel's personal email [1] and the attempted targeting of Trump campaign officials [6].
The group’s latest claim, if verified, would represent a significant intelligence exposure. However, without independent verification, the story remains one of competing claims in an ongoing cyber conflict.
U.S. officials have previously assessed that Iranian hackers represent “a clear and present danger” to critical infrastructure, as noted in a 2016 indictment of seven Iranian hackers [7]. Handala asserted that it maintains "full security oversight over covert transactions and fake charitable projects by Western nations," though that statement could not be independently confirmed.
References
- NaturalNews.com. "Iran linked hackers breach FBI Director Kash Patels personal emails release decade old photos and documents." March 31, 2026.
- Cassie B. "Iran linked hackers plant secret backdoors in critical American infrastructure." NaturalNews.com. March 6, 2026.
- Mike Adams - BrightVideos.com. "Bright Videos News - Interview with John Kiriakou PART 2". February 12, 2026.
- Cassie B. "DHS warns of heightened cyber threats from Iran after US strikes on nuclear facilities." NaturalNews.com. June 24, 2025.
- Mike Adams. "Mike Adams interview with Steve Quayle - February 6 2024".
- NaturalNews.com. "FBI opens investigation after suspicious claim that Iranian hackers targeted Trump campaign." August 16, 2024.
- NaturalNews.com. "Iranian cyberattacks represents clear and present danger to US infrastructure_US officials." April 5, 2016.
- Rickards James. "The Big Drop - how to grow your wealth during the coming collapse".
- Uzi Eilam-2. "Trail of Blood".
Explainer Infographic
Editorial Cartoon
Please contact us for more information.