Connect with us

NEWS

Handala’s FBI Drone Hack Claim Follows a Familiar Pattern of Bluffs

Iran-linked hackers say they hijacked FBI drones guarding the World Cup, but the bureau calls it false and the proof traces to old tornado footage.

Published

on

An Iran-linked hacking group claimed weeks ago that it had hijacked FBI drones guarding the World Cup. The tournament is now in its final stretch, and the claim remains unverified, disputed by the monitoring group that first reported it and rejected outright by the bureau itself. The group, known as Handala, told the SITE Intelligence Group it had watched “every image and every suspect” captured by the FBI’s first-person view (FPV) drones for months, then warned that one of the aircraft could end up near a team’s bus.

The single video Handala offered as proof turned out to be recycled footage of storm damage, not stolen federal surveillance. That collapse fits a pattern researchers have tracked for two years: Handala inflates or fabricates the evidence behind its claims almost as often as it causes real damage, which is exactly why officials keep calling each new threat unverified instead of harmless.

A Recycled Tornado Video Poses as Drone Evidence

SITE Intelligence Group, which tracks extremist and state-linked online activity, published Handala’s statement on June 12. The group said it had access “for months” to imagery gathered by FBI drones equipped with facial recognition and license plate screening, technology the bureau uses for counterterrorism work.

Better tighten your World Cup security, we don’t like some of those teams at all. Don’t forget: FPVs are everywhere; you never know when one might end up right in your team’s bus.

Handala said in the statement, which SITE published in full and later urged caution about.

Handala posted photos and video it said came from the hacked drones. SITE disputed that claim, and drone-industry outlet DroneXL traced one clip to a promotional video with nothing to do with the FBI. DroneXL identified it as a December 2024 case study from drone software firm DroneDeploy, showing an Omaha police crew flying survey aircraft over wreckage from an EF4 tornado that hit Elkhorn, Nebraska, months before the World Cup even began.

The FBI Calls the Breach Claim False

The bureau pushed back directly. According to a report from YourNews, the FBI said in a statement that weekend that it was aware of claims a foreign-linked group had accessed its drone systems and added, “These claims are false.” It said it remains fully prepared to protect World Cup venues and events.

None of that erases the real security build-out around the tournament. Aviation officials designated every FIFA World Cup 2026 stadium and surrounding grounds a strict no-drone zone, with temporary flight restrictions enforced jointly by the FAA and the FBI.

The bureau isn’t above running its own deception plays, either. It once built a fake crypto token to lure market manipulators into the open, a sting that shows federal agents understand the value of a convincing fake just as well as Handala does.

Who Is Handala, and Is It Really Iran?

Handala presents itself as an independent pro-Palestinian hacktivist collective named for a 1969 cartoon character. The Justice Department and independent researchers disagree. They describe it as a deniable front run by Iran’s Ministry of Intelligence and Security (MOIS), used for hacking, leaks, and psychological operations against the country’s adversaries.

The group takes its name and symbol from Handala, a barefoot boy drawn by Palestinian cartoonist Naji al-Ali in 1969 to represent rejection of any foreign-imposed solution to the Israeli-Palestinian conflict. Security researchers track the same operators under other names, including Void Manticore, Storm-0842, and Banished Kitten. The FBI’s own term for the playbook is blunter: what officials call a “faketivist” campaign built on stolen data and recycled clips, dressed up as grassroots resistance.

Five Hacks Handala Has Claimed Since 2023

The World Cup threat is the latest entry in a much longer list. Some of these claims held up under scrutiny. Others didn’t.

  • FBI Director’s Gmail, March 2026: Handala said it accessed Kash Patel’s personal account and released more than 300 emails, photos, and a resume, with correspondence dating back to 2010.
  • California Water Service: the group claimed it had infiltrated water systems serving several California cities, though officials cast doubt on whether any critical infrastructure was actually compromised.
  • Stryker, March 2026: an attack on the Michigan-based medical device maker reportedly wiped data from more than 200,000 employee devices across 79 countries and forced some hospitals to postpone surgeries.
  • Israeli kindergartens: Handala hijacked public address systems in more than 20 preschools to broadcast air raid sirens and threatening messages, according to threat-intelligence firm SOCRadar’s review of the group’s Israeli operations.
  • A prime minister’s inner circle: Handala claimed it compromised the phones of former Israeli premier Naftali Bennett and the current chief of staff, though researchers concluded it was a Telegram session hijack rather than a true device breach.

The mix matters. Some of it was real. Some of it wasn’t. Sorting the two out, case by case, has become its own cottage industry among cybersecurity researchers.

Two Years of Escalation

  1. December 2023: Handala surfaces days after the Hamas-led October 7 attack on Israel, presenting itself as a pro-Palestinian hacktivist collective.
  2. March 11, 2026: the group hits Stryker, an attack later described as wiping data from over 200,000 devices across 79 countries.
  3. March 19, 2026: the Justice Department seizes four Handala-linked domains, and the State Department’s Rewards for Justice program puts up to $10 million on the group’s members.
  4. Late March 2026: Handala claims it broke into Kash Patel’s personal Gmail account, calling it payback for the domain seizures, according to Forbes’ reporting on the confirmed breach.
  5. June 12, 2026: SITE Intelligence Group publishes Handala’s claim of hijacking FBI drones over the World Cup, along with the threat against team buses.

Each step follows the last. A seizure or a bounty draws a retaliatory claim. A claim draws scrutiny. Scrutiny finds holes. And the group moves on to the next target anyway.

What the Drone Numbers Show

Whatever Handala actually had access to, the airspace fight around the World Cup is real and expensive. The FBI built its counter-drone playbook at the National Counter-UAS Training Center at Redstone Arsenal in Huntsville, Alabama, training more than 60 officers drawn from roughly 30 jurisdictions across the 11 U.S. host cities.

Event Drones Detected or Seized Security Response
FIFA World Cup 2026, U.S. venues (by early July) 1,139 detected; more than 500 seized by the FBI Counter-drone teams across 11 host cities; 54 FBI field offices engaged
FIFA World Cup 2026, Miami update (late June) Over 400 seized, per Director Kash Patel 59 Homeland Security Task Forces mobilized nationwide
Paris 2024 Olympics More than 350 unauthorized drones detected 81 arrests, per a French National Assembly report

Homeland Security Secretary Markwayne Mullin has called drones his single biggest worry for the tournament, telling reporters the country had been “a little behind” on the threat before the training ramp-up. Fly a personal drone into one of the restricted zones now and the penalty is steep: up to $100,000 in fines and a year in federal prison, plus confiscation of the aircraft, according to the FBI’s Dallas field office.

The Stryker Attack Shows the Group’s Real Bite

Not every Handala claim is inflated. Ari Ben Am, a researcher at the Foundation for Defense of Democracies, a Washington think tank, told Cybersecurity Dive that Iranian actors routinely exaggerate the impact of their intrusions, often folding old leaked data into fresh claims. Analysts still treat every new threat as unverified rather than dismiss it outright, because the Stryker attack was real.

Elsewhere, Iran-linked hacking crews have gone further still, wiping victims’ backup systems entirely so recovery becomes nearly impossible, a tactic that raises the stakes on any claim these groups make, verified or not.

FBI co-Deputy Director Christopher Raia has tried to strike a balance in public remarks. He told NBC News ahead of the tournament’s opening matches that he expects some kind of security event before it’s over, while adding the bureau has identified no credible or specific threat tied to the games themselves.

The World Cup final kicks off July 19 at MetLife Stadium, and the $10 million reward for identifying Handala’s members still stands.

Frequently Asked Questions

What Should Fans Do If They Spot a Drone Near a Stadium?

Call 1-800-CALL-FBI right away. Restricted zones vary by venue, stretching three miles around some stadiums like Dallas Stadium in Arlington and one mile around fan festivals such as the one at Dallas Fair Park, so anything airborne nearby is worth reporting immediately.

Can I Fly My Own Drone Near a World Cup Stadium?

No. Even licensed remote pilots with a standard airspace authorization are barred from flying during an active temporary flight restriction window, according to the FAA. Operators are told to check the B4UFLY app before every flight near a host city.

How Does the $10 Million Reward for Handala Work?

The State Department’s Rewards for Justice program administers it, and tips can include names, aliases, or locations tied to suspected members. The offer was reissued naming the group directly after the Justice Department seized its domains in March 2026.

Has Any World Cup Drone Incident Been Linked to Handala?

Not publicly. Security officials have reported no drone incident connected to Handala’s threat, even as FBI teams seized more than 500 unauthorized aircraft near stadiums and the tally kept climbing through the tournament’s final weeks.

Logan Pierce is a writer and web publisher with over seven years of experience covering consumer technology. He has published work on independent tech blogs and freelance bylines covering Android devices, privacy focused software, and budget gadgets. Logan founded Oton Technology to publish clear, no nonsense tech news and reviews based on real hands on testing. He has personally tested and reviewed dozens of mid range and budget Android phones, written extensively about app privacy, and built and managed multiple WordPress publications over the past decade. Logan holds a bachelor's degree in English and studied digital marketing at a certificate level.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending