A hacker collective known as “Robert,” believed to be linked to Iranian intelligence, claims to have seized roughly 100 gigabytes of email data from figures close to President Donald Trump. In encrypted chats with Reuters on Sunday and Monday, the hackers said the files were taken from the accounts of White House Chief of Staff Susie Wiles, Trump attorney Lindsey Halligan, adviser Roger Stone, and adult film actress Stormy Daniels, a long-standing critic of Trump.
Parts of the trove had already surfaced ahead of the 2024 election. At the time, the group distributed a batch of emails directly to several journalists. Reuters authenticated some of the material, including one message detailing an alleged financial arrangement between Trump and attorneys representing Robert F. Kennedy Jr., now serving as Trump’s Secretary of Health. Other documents included internal communications from Trump’s campaign team and exchanges related to the legal dispute with Daniels. The leaks attracted media attention but had little effect on the outcome of the race, which Trump won last November.
This week, the group said it plans to resume publishing. “I am organizing a sale of the stolen material,” one member wrote in a message to Reuters. “I want Reuters to broadcast this matter.” The hackers gave no timeline for release and offered no specifics on the contents.
U.S. officials quickly condemned the operation. “An unconscionable cyber-attack,” said Attorney General Pam Bondi. FBI Director Kash Patel stated that “anyone associated with any kind of breach of national security will be fully investigated and prosecuted to the fullest extent of the law.” The Cybersecurity and Infrastructure Security Agency (CISA) issued a statement calling the leaks “a calculated smear campaign,” adding, “the targets are no coincidence. This is meant to damage President Trump and discredit honorable public servants who serve our country with distinction.”
Those allegedly targeted have not commented. Halligan, Stone, and Daniels’ representative did not respond to requests. Iran’s mission to the United Nations also declined to comment. Tehran has consistently denied involvement in cyberespionage operations.
The “Robert” group first appeared in late 2024, during the closing phase of the presidential campaign, when it claimed to have accessed multiple Trump-aligned email accounts. It later released parts of the data to the press. After the election, the hackers declared their operation over. “I am retired, man,” a member told Reuters in May. The break, however, proved temporary.
The group’s reemergence follows a 12-day conflict between Israel and Iran, ending with U.S. airstrikes on Iranian nuclear facilities. According to Frederick Kagan, a scholar at the American Enterprise Institute who studies Iranian cyber operations, the leaks could be a form of retaliation. “A default explanation is that everyone’s been ordered to use all the asymmetric stuff that they can that’s not likely to trigger a resumption of major Israeli/U.S. military activity,” he said. “Leaking a bunch more emails is not likely to do that.”