Iran-Linked Hackers Threaten to Leak More Emails from Trump’s Inner Circle
Cyber group claims possession of 100GB of data from top Trump aides, raising alarms amid post-Iran-Israel war tensions.
Watan-Iran-linked hackers have threatened to release more stolen emails from President Donald Trump’s inner circle, after having already distributed a batch to the media ahead of last year’s U.S. presidential election.
In an online chat with Reuters on Sunday and Monday, the hackers — using the alias “Robert” — claimed they possessed nearly 100 gigabytes of emails from the accounts of top White House officials, including Susie Wiles, Trump attorney Lindsey Halligan, Trump adviser Roger Stone, and Stormy Daniels, the adult film actress turned Trump opponent.
While suggesting they might sell the data, the hackers declined to give further details or describe the email content.
U.S. Attorney General Pam Bondi called the breach an “outrageous cyberattack.” FBI Director Kash Patel stated, “Anyone involved in any form of national security breach will be fully investigated and prosecuted to the fullest extent of the law.”
The U.S. Cybersecurity Agency wrote on X (formerly Twitter): “This so-called cyberattack is nothing but digital propaganda — a calculated smear campaign aimed at harming President Trump and defaming honorable public servants.”
Neither Halligan, Stone, nor a representative for Daniels responded to requests for comment. Iran’s mission to the UN also did not comment, though Tehran has denied involvement in cyber espionage in the past.
The hacker group surfaced during the final months of Trump’s presidential campaign last year, claiming to have hacked email accounts of Trump allies, including Wiles. They distributed leaked messages to journalists.
Reuters previously verified some of the leaked materials, including an email appearing to document a financial arrangement between Trump and attorneys representing former presidential candidate Robert F. Kennedy Jr., now Secretary of Health in Trump’s administration. Other materials included campaign discussions on GOP candidates and legal negotiations with Daniels.
Though the leaks received some media coverage, they had little effect on the outcome of the race, which Trump won.
In a September 2024 indictment, the U.S. Justice Department alleged that the Iranian Revolutionary Guard orchestrated the cyberattack carried out by the “Robert” group.
The hackers declined to respond to this accusation in their chat with Reuters.
Following Trump’s victory, the group told Reuters it had no plans to publish further leaks. In May, they claimed to have ceased activity, but resumed contact after this month’s 12-day air war between Israel and Iran, which culminated in U.S. strikes on Iranian nuclear sites.
This week, the group said it was organizing a sale of the stolen emails.
Frederick Kagan, a researcher at the American Enterprise Institute who has written extensively on Iranian cyber espionage, said that Iran had suffered serious losses in the conflict, and its intelligence units were likely seeking revenge without prompting a stronger U.S. or Israeli military response.
“The working assumption is that everyone has been ordered to use any asymmetric tools that are unlikely to trigger renewed major military action,” he said. “More email leaks probably won’t lead to that.”
Despite fears of a digital onslaught, Iranian hackers have so far had minimal impact during the recent conflict.
Still, U.S. cybersecurity officials warned Monday that American companies and critical infrastructure operators remain potential targets for Tehran.
