Hackers reportedly connected to Iran have issued a new threat to disclose more emails stolen from the orbit of President Donald Trump, following an earlier distribution to media outlets ahead of the 2024 U.S. election.
In online conversations with Reuters on Sunday and Monday, the hackers, operating under the pseudonym “Robert,” claimed to possess approximately 100 gigabytes of emails. These emails were purportedly taken from accounts belonging to key figures within Trump’s circle, including White House Chief of Staff Susie Wiles, Trump lawyer Lindsey Halligan, Trump adviser Roger Stone, and adult film actress-turned-Trump critic Stormy Daniels.
“Robert” indicated a potential intention to sell the data but provided no specific details about their plans, nor did they reveal the contents of the emails. U.S. Attorney General Pam Bondi condemned the incident as “an unconscionable cyber-attack.” The White House and FBI affirmed FBI Director Kash Patel’s statement: “Anyone associated with any kind of breach of national security will be fully investigated and prosecuted to the fullest extent of the law.”
Halligan, Stone, a representative for Daniels, and the U.S. cyberdefense agency CISA did not respond to requests for comment. Iran’s mission to the United Nations also remained silent, while Tehran has historically denied involvement in cyberespionage.
The hacker group “Robert” first emerged in the final months of the 2024 presidential campaign, asserting that they had accessed email accounts of several Trump allies, including Wiles. They subsequently disseminated some of these emails to journalists. Reuters had previously authenticated some of the leaked material, including an email that appeared to outline a financial agreement between Trump and lawyers for former presidential candidate Robert F. Kennedy Jr., who now serves as Trump’s health secretary. Other leaks included internal Trump campaign communications regarding Republican candidates and details of legal settlement discussions with Daniels. Despite gaining some media attention last year, these leaks did not significantly impact the outcome of the presidential race, which Trump ultimately won.
In September 2024, the U.S. Justice Department alleged in an indictment that Iran’s Revolutionary Guards were behind the “Robert” hacking operation. The hackers declined to comment on this specific accusation.
Following Trump’s victory, “Robert” had informed Reuters that no further leaks were planned, even claiming in May, “I am retired, man.” However, their activity resumed after this month’s 12-day conflict between Israel and Iran, which concluded with U.S. strikes on Iran’s nuclear sites.
In fresh messages this week, “Robert” stated they were preparing to sell the stolen emails and specifically requested that Reuters “broadcast this matter.”
Frederick Kagan, a scholar at the American Enterprise Institute and an expert on Iranian cyber activity, suggested that Iran’s intelligence services might be seeking retaliation without risking further military escalation. “A default explanation is that everyone’s been ordered to use all the asymmetric tools they have, without provoking major Israeli or U.S. military action,” he commented. “Leaking a bunch more emails is not likely to do that.” Despite concerns that Iran might launch serious cyberattacks, its hackers remained largely quiet during the recent conflict. However, U.S. cyber officials cautioned on Monday that Tehran could still target American businesses and critical infrastructure.
