WASHINGTON: Iran-linked hackers have threatened to disclose more emails stolen from U.S. President Donald Trump’s circle, after distributing a prior batch to the media ahead of the 2024 U.S. election.
In online chats with Reuters on Sunday and Monday, the hackers, who go by the pseudonym Robert, said they had roughly 100 gigabytes of emails from the accounts of White House Chief of Staff Susie Wiles, Trump lawyer Lindsey Halligan, Trump adviser Roger Stone and porn star-turned-Trump antagonist Stormy Daniels.
Robert raised the possibility of selling the material but otherwise did not provide details of their plans. The hackers did not describe the content of the emails.
U.S. Attorney General Pam Bondi described the intrusion as “an unconscionable cyber-attack.”
The White House and the FBI responded with a statement from FBI Director Kash Patel, who said: “Anyone associated with any kind of breach of national security will be fully investigated and prosecuted to the fullest extent of the law.”
Halligan, Stone, a representative for Daniels and the U.S. cyberdefense agency CISA did not respond to requests for comment. Iran’s mission to the United Nations did not return a message seeking comment. Tehran has in the past denied committing cyberespionage.
Robert materialized in the final months of the 2024 presidential campaign, when they claimed to have breached the email accounts of several Trump allies, including Wiles.
The hackers then distributed emails to journalists.
Reuters previously authenticated some of the leaked material, including an email that appeared to document a financial arrangement between Trump and lawyers representing former presidential candidate Robert F. Kennedy Jr. – now Trump’s health secretary.
Other material included Trump campaign communication about Republican office-seekers and discussion of settlement negotiations with Daniels.
Although the leaked documents did garner some coverage last year, they did not fundamentally alter the presidential race, which Trump won.
The U.S. Justice Department in a September 2024 indictment alleged that Iran’s Revolutionary Guards ran the Robert hacking operation. In conversations with Reuters, the hackers declined to address the allegation.
After Trump’s election, Robert told Reuters that no more leaks were planned. As recently as May, the hackers told Reuters, “I am retired, man.” But the group resumed communication after this month’s 12-day air war between Israel and Iran, which was capped by U.S. bombing of Iran’s nuclear sites.
In messages this week, Robert said they were organizing a sale of stolen emails and wanted Reuters to “broadcast this matter.”
American Enterprise Institute scholar Frederick Kagan, who has written about Iranian cyberespionage, said Tehran suffered serious damage in the conflict and its spies were likely trying to retaliate in ways that did not draw more U.S. or Israeli action.
“A default explanation is that everyone’s been ordered to use all the asymmetric stuff that they can that’s not likely to trigger a resumption of major Israeli/U.S. military activity,“ he said. “Leaking a bunch more emails is not likely to do that.”
Despite worries that Tehran could unleash digital havoc, Iran’s hackers took a low profile during the conflict. U.S. cyber officials warned on Monday that American companies and critical infrastructure operators might still be in Tehran’s crosshairs. (Reporting by Raphael Satter; Additional reporting by Gram Slattery; Editing by Cynthia Osterman and Michael Perry)
