Hackers, having links to Iran, have warned that they will release additional emails taken from associates of U.S. President Donald Trump, following an earlier leak shared with the media ahead of the 2024 U.S. election.
In online chats on Sunday and Monday, the hackers, who go by the pseudonym Robert, said they had roughly 100 gigabytes of emails from the accounts of White House Chief of Staff Susie Wiles, Trump lawyer Lindsey Halligan, Trump adviser Roger Stone and porn star-turned-Trump antagonist Stormy Daniels.
Robert raised the possibility of selling the material but otherwise did not provide details of their plans. The hackers did not describe the content of the emails.
U.S. Attorney General Pam Bondi described the intrusion as “an unconscionable cyber-attack.”
The White House and the FBI responded with a statement from FBI Director Kash Patel, who said: “Anyone associated with any kind of breach of national security will be fully investigated and prosecuted to the fullest extent of the law.”
Cyberattack
“This so-called cyber ‘attack’ is nothing more than digital propaganda, and the targets are no coincidence. This is a calculated smear campaign meant to damage President Trump and discredit honorable public servants who serve our country with distinction,” cyberdefence agency CISA said in a post on X.
Halligan, Stone and a representative for Daniels did not respond to requests for comment. Iran’s mission to the United Nations did not return a message seeking comment. Tehran has in the past denied committing cyberespionage.
Robert materialized in the final months of the 2024 presidential campaign, when they claimed to have breached the email accounts of several Trump allies, including Wiles.
The hackers then distributed emails to journalists.
Some of the leaked material were previously authenticated, including an email that appeared to document a financial arrangement between Trump and lawyers representing former presidential candidate Robert F. Kennedy Jr. – now Trump’s health secretary.
Other material included Trump campaign communication about Republican office-seekers and discussion of settlement negotiations with Daniels.
Although the leaked documents did garner some coverage last year, they did not fundamentally alter the presidential race, which Trump won.
The U.S. Justice Department in a September 2024 indictment alleged that Iran’s Revolutionary Guards ran the Robert hacking operation. The hackers declined to address the allegation.
Stolen Emails
After Trump’s election, Robert said that no more leaks were planned. As recently as May, the hackers said, “I am retired, man.” But the group resumed communication after this month’s 12-day air war between Israel and Iran, which was capped by U.S. bombing of Iran’s nuclear sites.
In messages this week, Robert said they were organizing a sale of stolen emails and wanted the media to “broadcast this matter.”
American Enterprise Institute scholar Frederick Kagan, who has written about Iranian cyberespionage, said Tehran suffered serious damage in the conflict and its spies were likely trying to retaliate in ways that did not draw more U.S. or Israeli action.
“A default explanation is that everyone’s been ordered to use all the asymmetric stuff that they can that’s not likely to trigger a resumption of major Israeli/U.S. military activity,” he said. “Leaking a bunch more emails is not likely to do that.”
Despite worries that Tehran could unleash digital havoc, Iran’s hackers took a low profile during the conflict. U.S. cyber officials warned on Monday that American companies and critical infrastructure operators might still be in Tehran’s crosshairs.
(With inputs from Reuters)
