A hacker group believed to be linked to Iran has claimed it possesses 100 gigabytes worth of emails allegedly stolen from top aides and associates of US president Donald Trump.
Operating under the pseudonym “Robert”, the group said it may sell the data, but provided no specifics about its intended plans or the contents of the files. The group has previously distributed limited batches of emails to journalists during the 2024 campaign season.
In an online exchange with Reuters over the weekend, “Robert” claimed the emails were retrieved from several prominent figures in Trump’s orbit, including White House Chief of Staff Susie Wiles, attorney Lindsey Halligan, Trump ally Roger Stone, and adult film actress-turned-critic Stormy Daniels.
US Attorney General Pam Bondi condemned the cyberattack as “unconscionable,” while FBI Director Kash Patel warned that any breach of national security would be investigated and prosecuted “to the fullest extent of the law”.
The FBI and the White House have yet to officially confirm the extent of the breach. Requests for comment to the individuals named, as well as the US Cybersecurity and Infrastructure Security Agency (CISA), went unanswered. Iran’s UN mission also declined to respond. Tehran has consistently denied involvement in cyberespionage campaigns.
According to Reuters, some previously leaked content was independently verified, including an email allegedly showing a financial arrangement between Trump and attorneys representing Democratic presidential candidate Robert F Kennedy Jr, who currently serves as Trump’s Health Secretary.
Other leaks reportedly included internal campaign communications about Republican candidates and discussions regarding legal settlements involving Stormy Daniels.
Though the disclosures attracted media interest last year, analysts said they had little impact on the election, which saw Trump secure a second term in office.
In September 2024, the US Department of Justice charged Iran’s Islamic Revolutionary Guard Corps with orchestrating the Robert operation. The group has not commented on the charges.
While “Robert” previously claimed in May to have “retired,” activity resumed this month following a 12-day military escalation between Israel and Iran, which ended with US strikes targeting Iranian nuclear facilities.
In renewed messages, the group told Reuters it was preparing to sell the stolen trove of emails and urged the outlet to “broadcast this matter.”
Frederick Kagan, a senior fellow at the American Enterprise Institute, suggested the operation might be part of a broader Iranian response to recent hostilities. “Everyone’s likely been ordered to use all the asymmetric tools they have without provoking major Israeli or US military action,” he said. “Leaking emails falls into that category.”
Despite fears that Iran could launch more aggressive cyberattacks during the recent conflict, its hackers remained relatively inactive, according to US officials. However, a warning issued on Monday by US cyber defence agencies indicated that Iranian hackers may still target US businesses and infrastructure.
