Paubox blog: HIPAA compliant email - easy setup, no portals or passcodes

Iran-linked hackers threaten new leak of Trump allies’ emails

Written by Farah Amod | July 17, 2025

A group tied to Iran’s Revolutionary Guards claims to hold 100GB of stolen emails from Trump affiliates and may try to sell them.

 

What happened

A hacker group calling itself “Robert,” which U.S. officials say is linked to Iran’s Islamic Revolutionary Guard Corps, has threatened to release or sell a new cache of stolen emails from associates of former U.S. President Donald Trump. According to Reuters, the hackers previously leaked materials from Trump’s 2024 campaign, and now claim to hold roughly 100 gigabytes of emails from White House Chief of Staff Susie Wiles, Trump lawyer Lindsey Halligan, adviser Roger Stone, and Stormy Daniels.

U.S. Attorney General Pam Bondi called the incident “an unconscionable cyber-attack.” The FBI and CISA issued statements condemning the act as a politically motivated smear campaign rather than a genuine national security breach.

 

Going deeper

The hacker group first appeared publicly in the final stretch of the 2024 presidential election, when it distributed stolen Trump campaign communications to journalists. Verified leaks from that time included internal discussions about campaign strategy, settlements with Stormy Daniels, and a financial agreement involving Trump and attorneys representing Robert F. Kennedy Jr.

While the leaks received some media coverage, they did not have a major impact on the outcome of the election, which Trump won.

Hackers behind “Robert” had claimed to be “retired” as recently as May 2025. However, they resurfaced following a 12-day air war between Israel and Iran, during which the U.S. bombed Iranian nuclear facilities. In recent messages to Reuters, the group suggested it is now organizing a sale of the stolen emails and asked the outlet to help publicize the matter.

 

What was said

Attorney General Bondi denounced the breach as a serious cyberattack. FBI Director Kash Patel stated that any parties linked to breaches of national security would face full prosecution. CISA’s public response labeled the hack as “digital propaganda” and a calculated effort to damage Trump and his allies.

The Iranian government did not comment, and the group “Robert” declined to confirm or deny its ties to the Revolutionary Guards. A 2024 indictment by the U.S. Justice Department linked the hackers to Tehran’s cyber apparatus.

Frederick Kagan of the American Enterprise Institute said the timing suggests a shift in strategy by Iranian cyber operatives: using non-military methods to retaliate without provoking further escalation.

 

FAQs

Why is Iran linked to the 'Robert' hacker group?

A 2024 U.S. indictment attributed the group to Iran’s Revolutionary Guards based on technical indicators, patterns of activity, and overlap with past cyber operations traced to Tehran.

 

How do hackers typically gain access to email accounts in these cases?

Common methods include credential phishing, exploiting email server vulnerabilities, or purchasing stolen login credentials on dark web marketplaces.

 

What legal action can the U.S. take if the hackers are operating from Iran?

Direct prosecution is unlikely without extradition, but the U.S. can issue indictments, impose sanctions, and use diplomatic or cyber tools to deter future activity.

 

How might the sale of stolen emails affect individuals or national security?

Selling private emails could expose sensitive legal, financial, or policy-related information. Even if the emails are outdated, they may be selectively used to create reputational or diplomatic damage.

 

What measures can political figures take to protect email security?

They should use multi-factor authentication, avoid reusing passwords, and limit sensitive communication through unsecured platforms. Regular security audits are also recommended.