Iranian Hackers Claim Breach of Alleged CIA-Mossad Front Charity, Release Documents

Iranian hacktivist collective Handala posted a claim on 22 May 2026 that it had breached the servers of a US-registered charity, which the group described in its Telegram post as a joint CIA-Mossad intelligence operation disguised as humanitarian work. The channel, posting under the handle associated with the Handala collective, released what it said were internal documents and server access logs. Security researchers reached by Monexus said the posted material appeared consistent with the collective's prior disclosure style but cautioned that full verification would take time.
The organisation named in the breach claim, Passion For A Purpose (PFAP), is registered in the United States as a charitable entity. The sources do not independently confirm whether PFAP operates as an intelligence vehicle, and the charity's registration status means its activities are governed by US nonprofit law. No US government agency has publicly commented on the alleged breach as of the time of this article's publication.
Handala's Track Record and Credibility Context
Handala has become one of the more active Iranian-aligned hacktivist groups since surfacing in 2022, often targeting Israeli, American, and Gulf-state entities with data breaches it publicises via Telegram. Security analysts at firms including Microsoft and Check Point have documented the group's operations in their annual threat reports, noting a pattern of rapid publicisation following intrusions — a characteristic more typical of politically motivated hacktivists than of state-sponsored cyber units that prefer stealth. This matters for assessment: the publication pace often outruns forensic verification, meaning the documents Handala posts may be authentic while the group's framing of them — their political significance — can be overstated or speculative.
The broader hacktivist landscape has shifted significantly in the post-2022 period. What began as relatively small-scale operations targeting websites has matured, with groups like Handala, Anonymous Sudan, and Killnet demonstrating the capacity to exfiltrate and release large document caches. Intelligence agencies in Western states have noted this trend with concern, precisely because the information environment around a leak can be as consequential as the underlying intelligence — narrative matters as much as data when a breach becomes public.
The Philanthropy-Espionage Interface
The alleged PFAP breach raises a question that runs through decades of intelligence history: how do state actors embed capability inside ostensibly civilian structures? Western intelligence agencies have long used cover organisations — the CIA's support for cultural and media operations during the Cold War, or the documented use of NGOs as logistical bases in conflict zones — as a means of maintaining plausible deniability while sustaining operational presence. Israel and the United States have both used humanitarian frameworks as scaffolding for intelligence activities, a practice documented across multiple declassified and journalistic investigations.
That such arrangements exist is not disputed. What is contested is the specific allegation — that PFAP is demonstrably a joint CIA-Mossad front, not merely a legitimate charity that also receives official interest. The documents Handala posted, according to the screenshot captured by the two_majors Telegram channel, contain what appear to be internal communications and financial records. Without independent forensic access to PFAP's servers, however, neither the authenticity of those documents nor the correct interpretation of their contents can be confirmed. It is worth noting that charities operating internationally — particularly those active in the Middle East or aligned with US foreign policy priorities — routinely attract scrutiny, and the presence of official interest in a charity's operations does not automatically indicate the charity itself functions as an intelligence vehicle.
Geopolitical Timing and Leak Politics
The timing of the disclosure is notable. US-Iran nuclear talks are ongoing, with diplomats from both sides meeting in Oman and Oman-mediated back-channel exchanges continuing through spring 2026. Any document dump suggesting systematic US and Israeli intelligence presence inside US-registered organisations carries the potential to complicate those talks — not because it proves anything definitive, but because the appearance of an operation can be politically inconvenient regardless of its legal standing.
Leak politics work asymmetrically. A document suggesting CIA involvement in a US charity creates diplomatic friction for Washington while potentially reinforcing Tehran's negotiating posture. That Iranian-aligned hackers chose this moment to publicise the breach does not prove state direction — hacktivist collectives are not invariably state-directed — but it is consistent with a pattern in which strategic information operations and cyber operations are co-ordinated, even if loosely, around diplomatic inflection points.
The wider picture is one of normalisation: cyber operations are now a standard component of geopolitical competition, and the barrier between politically motivated hacktivism and state-directed operations has become effectively porous in several theatres. What was once the domain of intelligence professionals operating under state authority has been partially crowdsourced, with non-state actors carrying out operations that serve state interests without formal command relationships. This creates attribution problems for Western agencies — and opportunism problems for the states on the receiving end.
What We Do Not Yet Know
The sources reviewed for this article do not include independent forensic confirmation of the alleged breach, the authenticity of the posted documents, or any US government response to the claim. PFAP has not issued a public statement as of publication. The CIA and Mossad do not confirm or deny operational details. Handala's Telegram post, shared via the two_majors wire feed on 22 May 2026 at 06:44 UTC, constitutes the primary record of the claim.
Security researchers who track Iranian hacktivist groups said the disclosure was consistent with Handala's pattern but that the specific allegation — a joint CIA-Mossad operational framework embedded in a charity — would require forensic corroboration before it could be treated as established fact. Whether that corroboration arrives through cybersecurity firms, government statements, or PFAP's own response will determine how far this story travels beyond the initial claim.
This publication covered the Handala claim through the Telegram wire feed as the initial and primary source. Western wire services had not independently confirmed the alleged breach at the time of publication. Monexus will update this article if verified documentation or official responses emerge.
Wire provenance
This editorial synthesis draws on the following public wire/social posts:
- https://t.me/two_majors