Iran’s ‘Robert’ Hacker Sets Sights on Trump

Recent warnings from national security analysts indicate that Iranian hackers may have successfully exfiltrated a substantial cache of private emails from individuals closely associated with former President Donald Trump. This cyber incursion is thought to be emblematic of Iran’s intent to retaliate against past U.S. cyber actions directed at its nuclear facilities.

A hacking group known as “Robert,” allegedly affiliated with Iranian interests, has asserted that it possesses 100 gigabytes of emails related to several key figures in Trump’s inner circle, including White House Chief of Staff Susie Wiles and attorney Lindsey Halligan, as well as political adviser Roger Stone and adult film actress Stormy Daniels, noted in connection with the 2016 controversy involving the former president. Identified by the U.S. Department of Justice as being associated with Iran’s Revolutionary Guards in September 2024, the group claimed it might consider selling the emails but provided no substantive details regarding their contents or the specifics of its plans.

Experts consulted by Information Security Media Group suggest that the authenticity of the emails could be plausible, given that the group previously leaked validated correspondence during the 2024 campaign—communications relating to Trump and the settlement agreements involving Daniels. Max Lesser, a senior analyst at the Foundation for Defense of Democracies, posits that this operation seems intended to display Iran’s cyber capabilities and to shape the narrative domestically.

According to Lesser, Iran likely assesses that targeting Trump and his team may resonate particularly well given their perceived vulnerability in cybersecurity protocols compared to U.S. government officials. He advocates for a proactive approach by U.S. authorities to bolster cybersecurity measures in the private sector.

The threats from the Robert hacking group have emerged amid a backdrop of escalating warnings about potential Iranian cyberattacks against Israel, the United States, and allied nations. In response, the Cybersecurity and Infrastructure Security Agency, alongside the FBI and other federal authorities, has urged operators of critical infrastructure to maintain heightened vigilance against potential cyber assaults, especially from Iranian-affiliated groups that are increasingly exploiting susceptibilities in their targets.

The mechanism by which Robert allegedly acquired such a large volume of email data, and whether these emails are more damaging than those released in 2024—which had minimal electoral impact—remains ambiguous. An anonymous former Department of Defense cybersecurity official suggested that the data could consist of older emails retained for strategic timing and impact.

Robert’s earlier hacking and leaking attempts against Trump were reportedly ineffective, leading to speculation that the group may have preserved this batch for more impactful deployment. The mere suggestion of blackmail against an American president is perceived to carry significant consequences in Iranian politics rather than in U.S. public perception.

CISA Director Marci McCarthy remarked that the claims made by Robert are likely intended as digital propaganda—a calculated attempt to undermine President Trump’s standing. The White House echoed these sentiments through FBI Director Kash Patel, asserting that any cybersecurity breach would be thoroughly investigated and prosecuted.