Security Digest

One Month of Fire

The Iran war hits one month with Houthis entering the fight, Iran strikes Bahrain, and US deploys 3,500 marines. FBI Director Kash Patel's personal email hacked by Handala. European Commission breached via AWS — ShinyHunters claims 350GB. Stortinget summons Støre and a dozen officials to open Epstein hearings. Cyber warfare is no longer parallel to kinetic war — it is the same war.

5 min read By FTRCRP

Threat Level: CRITICAL

“One Month of Fire”

The Iran War at Day 30

The US-Israeli war on Iran has completed one full month. This is no longer an escalation. It is a war.

The week’s key developments:

  • Houthis enter the conflict. Yemen’s Iran-backed Houthi rebels launched their “first military operation” in support of Iran, firing ballistic missiles at Israeli military sites. Israel’s military confirmed intercepting a missile from Yemen. This expands the theatre from Iran-Israel-US to a multi-front regional war.
  • Iran strikes Bahrain. Iranian missiles hit the Alba aluminium plant in Bahrain, wounding two. Iranian forces claimed to have struck an Israeli radar centre, an airport, and a US F-16 fighter jet. Explosions were reported across Tehran as air defences activated.
  • US troop deployment. Over 3,500 marines and sailors have arrived in West Asia. The Pentagon is reportedly considering ground operations. Vice President Vance said the US would exit Iran “soon” and ruled out a prolonged war. Actions suggest otherwise.
  • Saudi Arabia struck. An Iranian attack on a Saudi base damaged a US E-3 Sentry surveillance aircraft and wounded 12 US troops.
  • Lebanon’s toll. 51 rescuers and medical staff killed by Israel since the start of Hezbollah operations on March 2.
  • Russia, meanwhile: 270+ drones launched at Ukraine overnight on March 28, killing at least five. Russia’s spring offensive is costing approximately 10,000 casualties with minimal territorial gains.

The Cyber Front Is the Same Front

The AP published a piece this week that should be required reading: “Hacked hospitals, hidden spyware: Iran conflict shows how digital fight is ingrained in warfare.”

The key finding: Israelis fleeing Iranian missile strikes received texts offering links to “bomb shelter information.” The links delivered spyware to Android phones. Iran is running sophisticated cyber operations against both the US and Israel, targeting civilians under active bombardment.

This is not “cyber warfare alongside kinetic warfare.” It is the same war, using different tools against the same people at the same time. The distinction between physical and digital attack surfaces is a relic.

FBI Director’s Personal Email Breached

On March 27, the Handala Hack Team — assessed by Western intelligence as an Iranian government cyber unit — published personal photographs, documents, and a resume from FBI Director Kash Patel’s personal email account. The FBI confirmed the breach and stated the leaked material was “historical in nature” (emails from 2010–2019) with “no government information.”

Context that matters:

  • The DOJ seized four Handala domains earlier in March to disrupt their operations. They hit the FBI director’s personal inbox days later.
  • Handala previously claimed the Stryker attack (200K+ devices wiped) and has targeted Lockheed Martin.
  • The US State Department has a $10 million bounty on the group’s identification.

A state intelligence service hacked the personal email of the director of the Federal Bureau of Investigation. Whatever “no government information” means in that context, the signal is clear: no one is untouchable.

European Commission Breached via AWS

Detected March 24. The European Commission confirmed a cyberattack on its cloud infrastructure — specifically, a compromised Amazon Web Services account supporting Europa.eu. ShinyHunters claims 350GB exfiltrated: mail server dumps, database exports, internal documents, and contracts.

The Commission says internal systems and sensitive networks were not impacted. They are rotating credentials, reviewing access, and notifying affected EU entities. Amazon says AWS itself was not compromised.

ShinyHunters has been on a tear this month. They also claimed Wynn Resorts (800,000 records) and Telus Digital (1 petabyte). This is a group operating at scale against the highest-value targets on the planet.

Ransomware Continues to Hit Where It Hurts

  • Foster City, California declared a state of emergency on March 24 following a ransomware attack that paralyzed its network. 911 services continued but City Hall operated on limited in-person service.
  • Medusa continued operations against hospitals and local government — University of Mississippi Medical Center, Passaic County (600,000 residents), Bell Ambulance Wisconsin (235,000+ individuals).
  • Blockchain malware was discovered sleeping on-chain, having already infected dozens of global targets. Crystal Intelligence detailed how the malware uses legitimate blockchain transactions to distribute payloads, making detection extremely difficult.

The Nordic Epstein File

Stortinget Summons Begin

More than a dozen high-ranking officials have been summoned to testify before the Control and Constitutional Affairs Committee in open hearings. Those called include:

  • Prime Minister Jonas Gahr Støre
  • Foreign Minister Espen Barth Eide
  • Several predecessors in both roles
  • Development Minister Osmund Grover Akrust and predecessors

The independent commission formally established March 17 is still defining its mandate, composition, and legal framework. Investigations will go back to 1993 — the year of the Oslo Accords.

The Kontrollhøring

Aftenposten reported that formal parliamentary hearings are set for May 11–12. Jagland, Rød-Larsen, and Mette-Marit are all named. Nobel Committee financial disclosures are gaining traction in international press — Polish, Turkish, and Arabic outlets have all picked up the story.

Erik Solheim

Former environment minister and UN Environment head Erik Solheim said publicly: “I would have said yes to meeting Epstein.” The confession is notable for its honesty and for what it reveals about the social infrastructure around Epstein — the meetings were not hidden, they were desired.

The Scanner

Our Nordic scanner has now processed 158,000+ documents from the DOJ EFTA archive. 3,505 hits against Nordic-connected figures. The scanner continues running but hit rate is declining as the corpus is exhausted. Tracked figure counts remain stable: Rød-Larsen 606, Jagland 351, Ehnbom 206, Andersson-Dubin 10, Mona Juul 11.

What We Are Watching

The Houthi expansion. If Yemen becomes a sustained second front, the economic damage will accelerate — Strait of Hormuz disruption would spike global energy prices further.

Handala’s escalation. From Stryker to Lockheed to the FBI director’s personal email. The target list is climbing, and the DOJ domain seizures have not slowed them.

ShinyHunters at scale. The European Commission, Wynn Resorts, Telus Digital. This is a financially motivated group operating against nation-state-level targets with apparent ease.

The Norwegian hearings. May 11–12 will be a watershed. Støre testifying in open session about his government’s Epstein-era connections is unprecedented for Norway.

Digest compiled from open-source intelligence. Analysis reflects information available as of March 29, 2026.

FTRCRP Security Digest — Issue #010