WASHINGTON: A group of hackers, claiming to be tied to Iran, have warned they will release more emails stolen from people close to Donald Trump, after they shared an earlier batch with the media before the 2024 US election.
In online chats with Reuters on Sunday and Monday, the hackers – using the pseudonym “Robert” – claimed they had around 100 gigabytes of emails taken from accounts belonging to White House Chief of Staff Susie Wiles, Trump lawyer Lindsey Halligan, Trump adviser Roger Stone, and adult film actress-turned-Trump critic Stormy Daniels.
Robert mentioned they might sell the data but offered no clear details about their plans. The group did not reveal the contents of the emails.
US Attorney General Pam Bondi called the hacking “an unconscionable cyber-attack”.
The White House and FBI issued a statement from FBI Director Kash Patel, who said: “Anyone associated with any kind of breach of national security will be fully investigated and prosecuted to the fullest extent of the law.”
Halligan, Stone, a representative for Daniels, and the US cyberdefence agency CISA did not respond to requests for comment. Iran’s mission to the United Nations also did not reply. Tehran has previously denied involvement in cyberespionage.
The hacker group Robert emerged in the final months of the 2024 presidential campaign, claiming to have accessed email accounts of several Trump allies, including Wiles.
They later distributed some of the emails to journalists.
Reuters had previously authenticated some of the leaked content, including an email appearing to show a financial agreement between Trump and lawyers for former presidential candidate Robert F. Kennedy Jr., now Trump’s health secretary.
Other leaks included internal Trump campaign messages about Republican candidates and details of legal settlement talks with Daniels.
Though the leaks received some media attention last year, they did not significantly affect the outcome of the presidential race, which Trump won.
In September 2024, the US Justice Department alleged in an indictment that Iran’s Revolutionary Guards were behind the Robert hacking operation. The hackers declined to comment on the allegation.
After Trump’s victory, Robert told Reuters no more leaks were planned. In May, the hackers claimed, “I am retired, man.” However, they resumed activity following this month’s 12-day conflict between Israel and Iran, which ended with US strikes on Iran’s nuclear sites.
In fresh messages this week, Robert said they were preparing to sell the stolen emails and wanted Reuters to “broadcast this matter”.
Frederick Kagan, a scholar at the American Enterprise Institute and an expert on Iranian cyber activity, said Iran’s intelligence services may now be trying to retaliate without risking further military escalation.
“A default explanation is that everyone’s been ordered to use all the asymmetric tools they have, without provoking major Israeli or US military action,” he said. “Leaking a bunch more emails is not likely to do that.”
Despite concerns that Iran might launch serious cyberattacks, its hackers remained largely quiet during the recent conflict. However, US cyber officials warned on Monday that Tehran could still target American businesses and key infrastructure.
