Iranian Hacker Group Threatens to Release Trove of Emails from Top Aides to Trump

Latest Developments

• Hackers Threaten Email Leaks From Trump Aides: Iranian hackers are threatening to leak private emails obtained from top aides to President Donald Trump, the Cybersecurity and Infrastructure Security Agency (CISA) warned. “This is a calculated smear campaign meant to damage President Trump and discredit honorable public servants who serve our country with distinction,” CISA Director of Public Affairs Marci McCarthy stated on X. The hacker group, which calls itself “Robert,” claimed that it had approximately 100 gigabytes of emails from accounts of close Trump aides, including Susie Wiles, the White House chief of staff, Lindsey Halligan, a lawyer who serves as the president’s special assistant, and Roger Stone, a political consultant who has long advised the president.
• Hackers Resumed Activity After Hiatus: Representatives of “Robert” told Reuters that they were organizing a sale of the emails to “broadcast this matter.” The group resumed its activities in the wake of the U.S. bombing of Iran’s nuclear facilities, following months of silence after the 2024 presidential election. The group released a portion of the emails to journalists prior to the election in an effort to derail Trump’s campaign. In September 2024, a Justice Department indictment linked the hacks to Iran’s Islamic Revolutionary Guard Corps, naming Iranian nationals Masoud Jalili, Seyyed Ali Aghamiri, and Yasar Balaghi.
• U.S. Agencies Warn of Iranian Cyberattacks: The FBI and other U.S. federal agencies released a bulletin on June 30 warning that Iranian regime-affiliated hacking groups still seek to target and disrupt critical infrastructure systems in the United States, which may include utilities, transportation, and economic hubs. The bulletin stated that American defense companies, particularly those with relationships to Israeli research and defense firms, are at an increased risk. Iran-aligned groups have so far unsuccessfully targeted American banks, defense contractors, and energy companies.

FDD Expert Response

“Cyberattacks provide the Islamic Republic with a low-cost, high-visibility tool to retaliate against the United States for its strikes on Iran’s nuclear weapons facilities. Iranian cyber operations have continued unabated regardless of whether U.S. administrations are negotiating nuclear deals or imposing sanctions over the regime’s support for terrorism. State-backed hackers and pro-regime hackers use cyber-enabled influence campaigns and attacks on American entities to undermine U.S. national security and public health and safety.” — Annie Fixler, Director of FDD’s Center on Cyber and Technology Innovation (CCTI) and Senior Fellow

“Investigations of Iran’s retaliation in cyberspace to U.S. strikes on its nuclear facilities have focused on cyberattacks against companies and critical infrastructure. Cyber-enabled influence operations provide another vector of attack that would not likely warrant a severe response. This was not the first hack-and-leak conducted by Iran against Trump and may not be the last.” — Max Lesser, Senior Analyst on Emerging Threats

FDD Background and Analysis

“FDD Connects Anti-Israel Network on Social Media to Iranian Website, Pro-Regime Actor,” by Max Lesser

“FDD Uncovers Large Iranian Network Impersonating Israelis on Social Media,” by Max Lesser and Maria Riofrio

“Iran Conducts Cyberattacks to Terrorize Israelis,” by Johanna Yang, Ari Ben Am, and Rohannah Shrestha

“U.S. and Israel Expose Iran’s Tenacious Malign Influence,” by Max Lesser and Ari Ben Am

“Iranian Hackers Compromise American Water Utilities,” by Annie Fixler and Suyash Pasi