Hackers linked to Iran's Revolutionary Guard have threatened to release roughly 100 gigabytes of stolen emails from top allies of President Donald Trump, escalating tensions following U.S. airstrikes on Iranian nuclear facilities and amid growing concerns over foreign digital interference in Washington.
The hacking group, operating under the pseudonym "Robert," reemerged this week in online communications with Reuters, claiming to possess emails from Trump White House Chief of Staff Susie Wiles, attorney Lindsey Halligan, adviser Roger Stone, and adult film actress Stormy Daniels. "Robert" previously distributed hacked communications ahead of the 2024 presidential election, including emails authenticated by Reuters that discussed legal strategy and campaign finances.
U.S. Attorney General Pam Bondi condemned the breach as "an unconscionable cyber-attack." FBI Director Kash Patel said in a statement that "anyone associated with any kind of breach of national security will be fully investigated and prosecuted to the fullest extent of the law."
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) dismissed the hack as part of a disinformation campaign. "This so-called cyber 'attack' is nothing more than digital propaganda, and the targets are no coincidence," said CISA spokesperson Marci McCarthy. "This is a calculated smear campaign meant to damage President Trump and discredit honorable public servants who serve our country with distinction."
The hackers offered few details about the contents of the newly stolen material and have not confirmed a timeline for release. While they previously claimed to have "retired," the group resurfaced following the 12-day air war between Israel and Iran, which ended with U.S. strikes on Iranian nuclear facilities in June. "Robert" told Reuters they are now seeking to "broadcast this matter" and may sell the material.
Among the earlier leaks were emails purportedly detailing a financial arrangement between Trump and lawyers representing Robert F. Kennedy Jr., who now serves as Trump's health secretary, and internal campaign discussions about Stormy Daniels and Republican candidates. The documents circulated before the 2024 election but did not significantly impact the outcome.
The U.S. Justice Department indicted three members of Iran's Revolutionary Guards in September for their alleged roles in the earlier hacking campaign. Tehran has consistently denied engaging in cyberespionage, and Iran's mission to the United Nations did not respond to requests for comment.
Frederick Kagan, a senior fellow at the American Enterprise Institute, said the renewed cyber activity reflects Iran's search for non-military avenues of retaliation following the June strikes. "A default explanation is that everyone's been ordered to use all the asymmetric stuff that they can that's not likely to trigger a resumption of major Israeli/U.S. military activity," Kagan told Reuters. "Leaking a bunch more emails is not likely to do that."
The FBI and CISA issued a broader advisory to critical infrastructure operators on Monday, warning that Iran-linked hackers remain active and may be targeting sectors including finance, energy, and communications.