A hacker collective suspected of ties to Iran has asserted that it holds 100 gigabytes of confidential emails allegedly stolen from key allies and associates of U.S. President Donald Trump.
Using the alias “Robert,” the group announced plans to potentially sell the data, though it has yet to provide specific details about the contents or how the sale might take place. During the 2024 election campaign, the group previously leaked selected emails to journalists.
Read more: Elon Musk Threatens to Launch ‘America Party’ Over Trump’s Spending Bill
In a recent conversation with Reuters, “Robert” claimed the data came from various high-profile individuals close to Trump — including Chief of Staff Susie Wiles, lawyer Lindsey Halligan, longtime Trump confidant Roger Stone, and Stormy Daniels, the adult film actress who later became a vocal critic of Trump.
U.S. Attorney General Pam Bondi called the hacking incident “outrageous,” while FBI Director Kash Patel emphasized that any compromise of national security would face full legal consequences.
Neither the FBI nor the White House has officially verified the scope or authenticity of the breach. Requests for comment sent to the individuals mentioned, as well as the U.S. Cybersecurity and Infrastructure Security Agency (CISA), were not answered. Iran’s mission to the United Nations also declined to comment, maintaining the country’s longstanding denial of involvement in cyberespionage operations.
Reuters reported that some previously leaked documents were independently authenticated, including one email allegedly outlining a financial arrangement between Trump and lawyers representing his political rival Robert F. Kennedy Jr., who now serves as Trump’s Secretary of Health.
Additional leaks included internal Republican campaign communications and discussions regarding legal issues involving Stormy Daniels.
Despite generating headlines, analysts noted that the leaks had minimal effect on the outcome of the election, in which Trump won a second term.
Back in September 2024, the U.S. Department of Justice formally charged Iran’s Islamic Revolutionary Guard Corps with running the “Robert” cyber operation. The group has not issued any response to the charges.
Although the hackers claimed in May to have disbanded, they reemerged in the wake of a 12-day Iran-Israel military standoff that ended with U.S. airstrikes targeting Iranian nuclear facilities.
In new statements, “Robert” told Reuters that they were preparing to sell the hacked email archive and encouraged the media to publicize the issue.
Frederick Kagan, an expert at the American Enterprise Institute, suggested the operation could be part of a broader Iranian retaliation strategy. “They’ve likely been instructed to use every tool at their disposal short of provoking direct military retaliation from the U.S. or Israel,” he explained. “Email leaks fit that strategy.”
While U.S. officials had anticipated a possible surge in cyberattacks during the recent conflict, Iran-linked hackers remained largely dormant. However, cybersecurity agencies in the U.S. issued fresh warnings on Monday, cautioning that Iranian cyber actors could still target American infrastructure and businesses.