Hackers allegedly tied to Iran have emerged with a new threat: they’re sitting on a cache of roughly 100 gigabytes of emails belonging to key figures in Donald Trump’s orbit and they’re considering putting them up for sale.
The group, operating under the alias “Robert,” recently spoke with Reuters, claiming they had compromised email accounts belonging to several high-profile individuals including Trump’s Chief of Staff Susie Wiles, his attorney Lindsey Halligan, long-time political ally Roger Stone, and Stormy Daniels, the adult film actress turned outspoken Trump critic.
While the hackers have been tight-lipped about the contents of the new batch, they previously leaked materials during the 2024 presidential race—emails that, although verified, didn’t have a lasting effect on the outcome. Trump still secured victory.
A Familiar Name Reappears
“Robert” is not new to this game. The group initially surfaced in the final months leading up to the 2024 election, claiming to have broken into the email accounts of individuals close to Trump. Some of the leaked messages showed internal campaign communications and even an email suggesting financial dealings between Trump and lawyers representing Robert F. Kennedy Jr., who now holds a cabinet position as Health Secretary.
Other documents referenced discussions involving Republican candidates and negotiations with Daniels. Despite making headlines, those revelations didn’t shift the political needle in a significant way.
Following the election, the hackers went quiet. In a message earlier this year, they even told Reuters they had “retired.” That changed abruptly after a brief but intense military conflict between Iran and Israel, capped by U.S. airstrikes on Iranian nuclear facilities.
Now, “Robert” is back—and they want attention. In their latest exchange with reporters, they suggested they were planning to sell the data, even urging Reuters to publicize the story.
U.S. Officials: This Is a Political Hit Job
The U.S. government is taking the threat seriously. Attorney General Pam Bondi called the incident “an unconscionable cyber-attack.” FBI Director Kash Patel assured the public that any individual or group involved in breaching national security would be “fully investigated and prosecuted.”
The Cybersecurity and Infrastructure Security Agency (CISA) dismissed the operation as a calculated attempt to smear Trump and other officials. On X (formerly Twitter), the agency said the leak campaign is “digital propaganda” timed to damage public confidence and stir unrest.
Attempts to contact Halligan, Stone, and Daniels for comment were unsuccessful. Iran’s UN delegation has also not responded, though Tehran has consistently denied any role in cyber espionage campaigns.
A Strategic Shift After Armed Conflict
The group’s return coincides with rising geopolitical tension. Following the 12-day military standoff between Iran and Israel and subsequent U.S. strikes, experts believe Iran’s intelligence apparatus may be turning to digital means as a form of lower-risk retaliation.
Frederick Kagan, a scholar at the American Enterprise Institute, noted that Iran likely wants to retaliate for the recent damage it sustained—but cautiously. “They’re using whatever asymmetric tools they can that won’t provoke another round of military escalation,” Kagan said. “Leaking emails is an easy choice. It sends a message without inviting bombs.”
This aligns with warnings from U.S. cyber officials, who cautioned this week that although Iran’s cyber activity was relatively quiet during the conflict, American companies and infrastructure remain vulnerable to retaliation in the digital space.
Alleged Revolutionary Guard Involvement
The U.S. Department of Justice has already drawn a direct line between the hackers and the Iranian government. In a September 2024 indictment, federal prosecutors alleged that Iran’s Islamic Revolutionary Guard Corps (IRGC) was behind the “Robert” hacking operation.
The hackers have refused to address those accusations directly in their conversations with Reuters. Still, cybersecurity analysts interpret their actions as part of a broader Iranian strategy to destabilize and exert pressure on adversaries without resorting to direct combat.
Selling Secrets, Sowing Chaos
What makes this latest development more dangerous is the group’s suggestion that they may sell the stolen material. While no transaction has been confirmed, the idea that sensitive political communications could be auctioned off raises alarms in both cybersecurity and intelligence communities.
Even if the material never sees the light of day, the mere threat is enough to generate political noise—especially during times of domestic division or international tension. Experts warn that leaked documents, even if mundane, can easily be spun into damaging narratives when selectively released.
The timing also matters. By resurfacing after major military escalations, these hackers may be serving as part of a broader Iranian effort to retaliate through non-military means.
