Iran-linked hackers threaten fresh leaks of Trump associates’ emails – Reuters

Iran-linked hackers using the pseudonym “Robert” have threatened to disclose additional stolen emails from associates of US President Donald Trump, Reuters reported Tuesday.
The group, which leaked a prior batch ahead of the 2024 presidential election, said it holds roughly 100 gigabytes of emails from accounts including White House Chief of Staff Susie Wiles, Trump lawyer Lindsey Halligan, adviser Roger Stone, and Stormy Daniels, a notorious Trump critic.
In online chats with Reuters, the hackers hinted at possibly selling the stolen material but gave few details about their intentions or the content of the emails.
US Attorney General Pam Bondi called the breach “an unconscionable cyber-attack,” while FBI Director Kash Patel vowed that anyone involved in national security breaches would face full prosecution.
The Cybersecurity and Infrastructure Security Agency (CISA) labeled the incident “digital propaganda” aimed at damaging Trump and discrediting public servants.
Robert emerged during the final months of the 2024 campaign, distributing emails that Reuters verified included a financial arrangement between Trump and Robert F. Kennedy Jr., now Trump’s health secretary.
Other leaked documents showed internal Trump campaign communications and settlement talks with Daniels. While these leaks received media attention, they did not significantly impact the election outcome.
In a 2024 indictment, the US Justice Department accused Iran’s Revolutionary Guards of orchestrating the Robert hacking operation. The hackers declined to address this allegation in their conversations with Reuters.
Despite earlier remarks to Reuters that no further leaks were planned and that the group had “retired,” Robert re-engaged following the recent 12-day conflict between Israel and Iran, which culminated in US strikes on Iranian nuclear sites.
This week, the hackers told Reuters they were organizing a sale of stolen emails and requested that Reuters publicize the matter.
Frederick Kagan, a scholar on Iranian cyberespionage at the American Enterprise Institute, suggested the renewed hacking reflects Tehran’s efforts to retaliate asymmetrically without provoking a larger military response.
“A default explanation is that everyone’s been ordered to use all the asymmetric stuff that they can that’s not likely to trigger a resumption of major Israeli/US military activity,” he said. “Leaking a bunch more emails is not likely to do that.”
While concerns remain about Iran’s cyber capabilities, the hackers maintained a low profile during the conflict. US cyber officials warned that American companies and critical infrastructure could still be targeted in the future.
During the 12-day war with Israel, several Iranian banks and cryptocurrency platforms were hacked in coordinated cyberattacks. Iranian authorities, fearing further breaches of critical infrastructure, responded by shutting down internet access nationwide.
While the government cited cybersecurity as the rationale, the primary aim was to limit public access to wartime information and suppress its dissemination on social media.