Live Wire
15:53ZDAILYNATIOKenyan Brian Kiplagat detained in Kenya over murder of Citi Bank executive Marianne Nduta in Britain15:49ZTASNIMNEWSBook on Battalion Commander Habib released15:49ZINSIDERPAPSpaceX shares open at $150 after IPO priced at $135 per share15:49ZKYIVPOSTOFLatvian Defense Minister Melnis arrives in Kyiv for first official foreign visit15:49ZINSIDERPAPEbola spreads to new areas in northeast Democratic Republic of Congo15:48ZPRESSTV2026 World Cup opens with co-host Mexico winning opening match; Trump reportedly to miss US game15:46ZKYIVPOSTOFRailway worker killed, another injured as Russia strikes civilian infrastructure in Ukraine15:46ZWFWITNESSRPG attack hits Syrian security checkpoint near Kobani, SDF area15:53ZDAILYNATIOKenyan Brian Kiplagat detained in Kenya over murder of Citi Bank executive Marianne Nduta in Britain15:49ZTASNIMNEWSBook on Battalion Commander Habib released15:49ZINSIDERPAPSpaceX shares open at $150 after IPO priced at $135 per share15:49ZKYIVPOSTOFLatvian Defense Minister Melnis arrives in Kyiv for first official foreign visit15:49ZINSIDERPAPEbola spreads to new areas in northeast Democratic Republic of Congo15:48ZPRESSTV2026 World Cup opens with co-host Mexico winning opening match; Trump reportedly to miss US game15:46ZKYIVPOSTOFRailway worker killed, another injured as Russia strikes civilian infrastructure in Ukraine15:46ZWFWITNESSRPG attack hits Syrian security checkpoint near Kobani, SDF area
Markets
S&P 500740.77 0.41%Nasdaq25,827 0.07%Nasdaq 10029,547 0.34%Dow512.96 0.71%Nikkei92.64 0.49%China 5035.19 0.80%Europe89.52 0.07%DAX42.22 0.13%BTC$63,745 1.92%ETH$1,666 1.58%BNB$607.72 1.72%XRP$1.14 2.36%SOL$67.45 3.17%TRX$0.3132 2.29%DOGE$0.0884 4.28%HYPE$60.03 5.86%LEO$9.54 0.57%RAIN$0.013 0.30%QQQ$719.2 0.29%VOO$680.93 0.40%VTI$365.96 0.46%IWM$293.84 1.18%ARKK$75.05 0.54%HYG$79.94 0.00%Gold$387.07 0.19%Silver$61.12 0.49%WTI Crude$125.39 2.67%Brent$47.79 2.72%Nat Gas$11.3 1.26%Copper$39.08 0.36%EUR/USD1.1567 0.00%GBP/USD1.3402 0.00%USD/JPY160.20 0.00%USD/CNY6.7623 0.00%S&P 500740.77 0.41%Nasdaq25,827 0.07%Nasdaq 10029,547 0.34%Dow512.96 0.71%Nikkei92.64 0.49%China 5035.19 0.80%Europe89.52 0.07%DAX42.22 0.13%BTC$63,745 1.92%ETH$1,666 1.58%BNB$607.72 1.72%XRP$1.14 2.36%SOL$67.45 3.17%TRX$0.3132 2.29%DOGE$0.0884 4.28%HYPE$60.03 5.86%LEO$9.54 0.57%RAIN$0.013 0.30%QQQ$719.2 0.29%VOO$680.93 0.40%VTI$365.96 0.46%IWM$293.84 1.18%ARKK$75.05 0.54%HYG$79.94 0.00%Gold$387.07 0.19%Silver$61.12 0.49%WTI Crude$125.39 2.67%Brent$47.79 2.72%Nat Gas$11.3 1.26%Copper$39.08 0.36%EUR/USD1.1567 0.00%GBP/USD1.3402 0.00%USD/JPY160.20 0.00%USD/CNY6.7623 0.00%
OPENNYSEcloses in 4h 4m
themonexus.
Vol. I · No. 163
Friday, 12 June 2026
15:55 UTC
  • UTC15:55
  • EDT11:55
  • GMT16:55
  • CET17:55
  • JST00:55
  • HKT23:55
← back to Saturday edition◉ LIVE ON THE WIREfollow this thread in real time
Tech

Hacking Group Claims Mass Email Leak — Credibility Questions Mount

A Telegram-sourced claim of a 150,000-email breach has circulated widely through Iranian state-linked channels with no independent corroboration — raising familiar questions about the information landscape surrounding regional cyber operations.
By Monexus Staff Writermiddle-east3-minute read2 May 2026☆ Save↗ Share⎙ Print
A Telegram-sourced claim of a 150,000-email breach has circulated widely through Iranian state-linked channels with no independent corroboration — raising familiar questions about the information landscape surrounding regional cyber operati…
A Telegram-sourced claim of a 150,000-email breach has circulated widely through Iranian state-linked channels with no independent corroboration — raising familiar questions about the information landscape surrounding regional cyber operati… / @FarsNewsInt · Telegram

A hacking group identifying itself as Hanzaleh announced on 2 May 2026, via Iranian state-linked Telegram channels, that it had penetrated unnamed systems connected to an individual it designates as Robert Mali and published approximately 150,000 emails. The claim circulated within hours across multiple Persian-language outlets including Mehr News, Jahan Tasnim, and Tasnim's English-language service — all platforms with established ties to Iranian state messaging.

No independent verification has emerged from cybersecurity firms, Western intelligence assessments, or credible third-party researchers. The identity of Robert Mali remains unestablished in any publicly accessible source; no institutional affiliation, nationality, or public-facing role for the named individual appears in the available reporting.

The Claim as Reported

The Hanzaleh group described the operation as complex, asserting full penetration of systems connected to Mali's communications infrastructure. A figure of 150,000 emails was cited as the volume of material exposed. No sample emails, metadata, or technical indicators of compromise were published alongside the initial announcements — the primary evidence offered to support the claim is the group's own Telegram statement.

The timing of the disclosure, mid-afternoon Tehran time on a Friday, follows a pattern familiar in state-adjacent cyber-disclosure events: simultaneous amplification across aligned channels, a specific and round-numbered casualty figure, and no immediate offer for third-party forensic inspection.

Sourcing Constraints and Information Environment

The available sources for this report share a common provenance: Persian-language Telegram channels operated by or adjacent to Iranian state media organisations. Tasnim News Agency and Mehr News are integrated into Iran's official information apparatus. Their coverage of cyber operations attributed to Iranian-affiliated threat actors is typically favourable; their coverage of operations targeting Iranian interests warrants heightened scepticism absent corroboration.

Monexus has not located any independent confirmation of the Hanzaleh claim through Western cybersecurity firms, governmentCERT advisories, or established investigative outlets. This absence is not itself proof the breach did not occur — many intrusions go unpublicised — but it means the disclosure currently rests on a self-described actor's own account, amplified through a single information ecosystem.

Structural Context: Cyber Disclosures as Messaging Operations

Public disclosures of compromised data are not neutral informational events. They serve strategic communication functions regardless of whether the underlying breach is real. A claimed leak generates media coverage, social-media amplification, and reputational pressure on the named target — effects that materialise whether or not the emails are authentic.

In the current regional information environment, cyber disclosure announcements from non-Western actors frequently circulate in a credibility gap: they are reported at face value by aligned outlets and treated with scepticism by Western ones, producing divergent narratives that can coexist for weeks before technical corroboration arrives — if it arrives at all.

The Hanzaleh group's profile, as presented, does not correspond to widely documented threat actors in the public cybersecurity literature. Whether this reflects a genuinely new actor, a rebranded operation, or a fabricated identity cannot be determined from available sources.

What Remains Unknown

Several material questions cannot be answered from the current evidence. The identity and role of Robert Mali — including whether the name is accurate, a transliteration, or an invented target — is not established. No email samples or technical indicators of compromise have been published. No government or institution has acknowledged being targeted. No Western cybersecurity firm has attributed the claimed operation to a named actor based on forensic evidence.

The sources also do not specify whether the emails were obtained through a direct system breach, a third-party compromise, or social-engineering — a distinction that would affect both the credibility assessment and the legal and diplomatic implications of the disclosure.

Stakes

If the breach is genuine and the emails are authentic, the disclosure could carry significant diplomatic, commercial, or personal consequences for the named individual — consequences that would proceed regardless of whether the broader information ecosystem treats the claim seriously.

If the breach is fabricated or exaggerated, the episode illustrates the continuing ease with which unverified cyber-disclosure claims circulate through state-adjacent media ecosystems, placing journalists and policymakers in the position of either amplifying claims with no evidentiary basis or risking the appearance of suppressing information that may eventually prove accurate.

Monexus will update this report should independent corroboration emerge.

This publication noted that the initial wire framing in Persian-language channels carried the story without qualification. Monexus has chosen to present the claim alongside the sourcing limitations rather than treat it as an established fact.

Wire provenance

This editorial synthesis draws on the following public wire/social posts:

  • https://t.me/mehrnews/9184732
  • https://t.me/JahanTasnim/11421
  • https://t.me/tasnimnews_en/22981
  • https://t.me/farsna/7731
© 2026 Monexus Media · reported from the wire