Iran-Linked Hackers Threaten to Leak More Emails Tied to Trump Allies 

Written by: Lore Apostol, Cybersecurity Writer

Iran-affiliated hackers using the alias “Robert” have threatened to release additional stolen emails from individuals close to U.S. President Donald Trump after publishing a previous batch of stolen communications to the media before the 2024 U.S. presidential election.

The hackers claim to have exfiltrated 100 GB of emails from prominent figures within Trump’s circle, including Chief of Staff Susie Wiles, attorney Lindsey Halligan, adviser Roger Stone, and Stormy Daniels, a known Trump critic. 

While the contents of these emails remain undisclosed, Robert indicated in conversations with Reuters that they may attempt to sell the stolen material, Reuters recently reported.

The alleged breach has prompted sharp responses from U.S. authorities. U.S. Attorney General Pam Bondi condemned the incident as “an unconscionable cyber-attack,” while FBI Director Kash Patel vowed that those responsible for breaching national security would face prosecution. 

The Cybersecurity and Infrastructure Security Agency (CISA) dismissed the breaches as “digital propaganda” intended to smear Trump and his associates, while warning that IRGC-affiliated cyber actors may target U.S. devices and networks despite a declared ceasefire and ongoing negotiations.

Although Iran’s mission to the United Nations declined to comment, Tehran has previously denied engaging in cyberespionage activities. 

In a September 2024 indictment, the U.S. Justice Department alleged that the Robert hacking operation was linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).

American analysts believe the timing of the latest leaks is significant, following heightened tensions between the U.S., Israel, and Iran, including a brief air war and U.S. strikes on Iranian nuclear sites earlier this month. 

Randolph Barr, Chief Information Security Officer at Cequence Security, stated that proxy actors and aligned nations may view recent U.S. actions as justification for retaliation, so the U.S. and its allies are increasingly facing the risk of becoming targets of cyberwarfare, “especially from adversaries seeking to exploit regional instability.”

Scholars, such as Frederick Kagan of the American Enterprise Institute, suggest the leaks may be a form of asymmetric retaliation orchestrated by Tehran.

In August 2024, Iranian state-backed APT42 targeted officials of the Biden and Trump administrations via WhatsApp.

