A hacker group linked to Iran, known as Handara, announced on Friday that it had gained access to a Federal Bureau of Investigation (FBI) surveillance drone, threatening to deploy it in a potential attack during a soccer World Cup event.
According to Handara, they’ve been monitoring “every image and every suspect” picked up by the FBI’s drone for what they described as “months.”
“World Cup security should be reinforced. Some teams are really concerned about it. Just remember, FPV is everywhere. You might unexpectedly encounter your team’s bus,” the hacker group warned.
The statement included examples of images and videos they claimed were taken from hacked drones, though SITE pointed out that some of this “evidence” appeared to be older public domain drone footage.
The FBI responded to these allegations, calling them unfounded. “We’re aware of claims online that hacker groups with foreign ties have accessed FBI drone systems and related imagery. These claims are false,” their statement read.
“The FBI is fully equipped to collaborate with federal, state, and local partners to safeguard World Cup locations and activities. We advise the public to rely on official information and report anything suspicious to law enforcement,” they added.
Handara, also known as the “Handara Hack Team” or Handara Popular Resistance Front (HPRF), is a relatively new entity among various online threat groups associated with Iran’s Ministry of Intelligence and Security (MOIS).
Iran has a notable history of creating, decommissioning, and repurposing various hacker group identities. Handara, named after a character from Palestinian cartoons that has been around for more than 40 years, is among the more active personas as of 2026.
The first announcement from the Handara Hack Team, which positions itself as a “hacktivist” group opposing Israeli actions in Gaza, came in late 2023 after Hamas launched an attack that targeted Israeli civilians. Besides cyber espionage, the group claims to have conducted physical attacks in Israel.
As ceasefire discussions unfolded between Iran and the U.S., Handara proclaimed, “Cyber warfare did not start with a military conflict, nor will it end with any military truce,” indicating ongoing intentions.
“Under directive from the higher-ups in the Axis of Resistance, we’re currently stepping back from direct confrontation with the U.S., but our capacity to infiltrate and disrupt American infrastructure is well-known,” they asserted.
In July 2025, Handara claimed to have accessed the internal communications of Iran International, an opposition media organization based outside Iran. They released personal data, images, and documents taken from the servers of Iranian groups. In March 2026, the group claimed responsibility for hacking FBI Director Kash Patel’s personal email, displaying photos they said were retrieved from his account. Security experts noted, however, that some of the data shared by Handara was old and may have been reused from past breaches.
“The so-called ‘impenetrable’ systems of the FBI were compromised within hours by our team. Is this the level of security that the U.S. government boasts about?! They cannot silence resistance through fear and bribery!” Handara declared upon announcing the Patel hack.
Recently, Handara also claimed to have infiltrated water utilities in Bakersfield, Visalia, and Chico in California, saying the cyberattack was a response to U.S. airstrikes on Iran. “Just two days ago, millions of dollars worth of rockets destroyed water sources for the oppressed in Sirik, leaving them to suffer in 50-degree Celsius heat. Today, we’ve retaliated right at the heart of America,” the group stated.
Handara released some purportedly stolen data as proof of the attack but suggested that their actions could have been much worse.
“We could have easily cut off water to American cities like our foolish president did, but we’re not about that,” they stated.
“Today is different from 2010 when you could launch an attack like Stuxnet without severe consequences. Today, any attack could wreak havoc on your infrastructure in hours,” the group noted, referring to the Stuxnet cyberattack aimed at disrupting Iran’s nuclear program.
