A hacker group believed to be affiliated with Iran’s military is threatening to release a new trove of internal emails allegedly stolen from close associates of former President Donald Trump. The group, which previously leaked material from the Trump campaign in 2023, claims to possess 100 gigabytes of sensitive data, including communications involving political aides, attorneys, and public figures connected to Trump’s orbit. The threat comes amid heightened tensions between the United States and Iran.
New Threats Follow Earlier Election-Related Hack
The hacker group, operating under the name “Robert,” first gained attention last year when it leaked campaign documents to both U.S. media organizations and members of President Joe Biden’s campaign staff. Those documents were believed to have been taken from the Trump campaign as part of a larger cyberespionage campaign. At the time, cybersecurity experts and some political analysts suggested that the activity was an attempt by Iranian operatives to interfere in the 2024 presidential election.
Now, the group claims it has obtained and may release emails belonging to several prominent figures associated with Trump. According to a report by Reuters, the targets include Susie Wiles, Trump’s chief of staff; Roger Stone, a longtime political adviser; attorney Lindsey Halligan; and Stormy Daniels, the adult film actress involved in ongoing legal disputes related to Trump. The group has indicated it may try to sell the material but has not provided details about the content or potential buyers.
The renewed threat follows U.S. airstrikes on Iran, carried out under Trump’s direction, which have escalated tensions between the two nations. While the timing has raised questions about motive, there is currently no clear evidence connecting the email leak threats directly to Iran’s recent geopolitical response. Cybersecurity officials have not confirmed whether the group’s claims are credible, and no documents from this latest breach have been publicly released.
U.S. Officials Respond to Allegations of Foreign Cyberattacks
The Trump administration has dismissed the hackers’ latest claims as an attempt at political manipulation. Marci McCarthy, director of public affairs for the Cybersecurity and Infrastructure Security Agency (CISA), issued a statement on social media platform X calling the campaign “digital propaganda.” McCarthy said the attack is part of a “calculated smear campaign meant to damage President Trump and discredit honorable public servants.”
Cybersecurity experts have expressed concern about the potential for continued cyber interference by foreign actors targeting American institutions. While Iran is not typically ranked among the most advanced global cyber powers, its affiliated groups have previously demonstrated the ability to conduct surveillance and exfiltrate data from U.S. targets. The group known as APT42, also referred to as “Charming Kitten,” is often cited in connection with these activities.
Reuters has reported that this group employs methods such as mobile malware capable of recording calls and monitoring digital activity. In the past, the group has been linked to the theft of email communications from former intelligence and diplomatic officials, including a former CIA deputy director and a former U.S. ambassador to Israel. These operations are viewed by U.S. intelligence as part of Iran’s broader effort to collect sensitive information and disrupt American political processes.
Indictments and International Cybersecurity Concerns
In September 2024, the U.S. Department of Justice announced criminal charges against three individuals accused of participating in the earlier Trump campaign hack. The indictment alleged that the operatives were working on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC), a branch of Iran’s armed forces that is also involved in cyber and intelligence operations. The Justice Department stated that the group’s actions were intended to sow political discord and undermine public trust in the U.S. electoral system.
According to the indictment, the hackers stole documents, emails, and other campaign-related materials through targeted phishing attacks and other cyber intrusion techniques. The charges highlight a pattern of hack-and-leak operations that federal authorities have warned are designed to exploit divisions within American society. The defendants have not been apprehended and are believed to remain outside the reach of U.S. law enforcement.
The ongoing activity of these hacker groups underscores the increasing role of cyber operations in global conflicts and domestic politics. As foreign actors continue to target political campaigns, government agencies, and individual officials, cybersecurity remains a critical issue ahead of future elections. The Biden administration, along with U.S. intelligence and defense agencies, has maintained that strengthening digital defenses is essential to preserving democratic processes.