An Iran-linked hacker group operating under the pseudonym “Robert” has threatened to release more emails stolen from individuals closely tied to U.S. President Donald Trump. The warning comes amid heightened geopolitical tensions following a recent 12-day air war between Iran and Israel, capped by U.S. airstrikes on Iran’s nuclear facilities.
In online conversations with Reuters, the hackers claimed to possess approximately 100 gigabytes of sensitive emails from accounts linked to White House Chief of Staff Susie Wiles, Trump lawyer Lindsey Halligan, Trump adviser Roger Stone, and adult film star-turned-critic Stormy Daniels. While the group floated the idea of selling the material, they provided no details on the specific content or release timeline.
This isn’t the first time “Robert” has targeted Trump allies. In the run-up to the 2024 U.S. presidential election which Trump ultimately won the group leaked emails allegedly exposing financial dealings and internal campaign communications. Despite some media coverage, those leaks did not significantly impact the election outcome.
U.S. authorities have responded strongly. Attorney General Pam Bondi labeled the intrusion an “unconscionable cyber-attack,” while FBI Director Kash Patel vowed full prosecution of those responsible. The Cybersecurity and Infrastructure Security Agency (CISA) dismissed the hack as a “calculated smear campaign” aimed at undermining Trump and his inner circle.
The hackers had previously claimed to have retired but reemerged following the recent military escalation involving Iran. In messages to Reuters, they said they were organizing the sale of the stolen data and asked the outlet to publicize the matter.
A 2024 U.S. Justice Department indictment accused Iran’s Revolutionary Guard of running the Robert operation, although the hackers have declined to confirm ties to Tehran. Iran has consistently denied involvement in cyberespionage.
Experts warn that the leaks may be part of a broader Iranian strategy to retaliate without provoking further military responses. “This is asymmetric warfare,” said Frederick Kagan of the American Enterprise Institute. “Leaking emails is a low-risk way to strike back.”
Cyber officials have warned U.S. businesses and infrastructure operators to remain vigilant as Tehran’s digital campaign may still be evolving.
