Iran-linked hackers resurface, threaten to release more stolen Trump emails


The Iran-linked hackers who made headlines during the 2024 elections for releasing stolen emails between Trump and his inner circle are back and ready for round two, according to a new report by Reuters. The threat comes as top cyber officials release a new warning to US companies about Iranian-affiliated attacks.

Apparently, the hackers – who call themselves “Robert” and have been communicating with the news agency since Sunday – say they have about 100GB worth of email correspondence between Trump and several members of his inner circle.

Accounts allegedly included in the fresh round of emails are White House Chief of Staff Susie Wiles, Trump attorney Lindsey Halligan, Trump adviser Roger Stone, and even some from “porn star-turned-Trump antagonist Stormy Daniels,” the outlet reported.

In a series of online chats with Reuters staff, Robert told the outlet they were considering selling the never-before-seen material, but did not say when or who they might offer it to, nor did they reveal what is in the emails.

US President Donald Trump talks with White House Chief of Staff Susie Wiles on the South Lawn of the White House. Washington D.C., June 9, 2025. Tom Williams/CQ-Roll Call, Inc via Getty Images

FBI Director Kash Patel said in a statement about the possible leak that "Anyone associated with any kind of breach of national security will be fully investigated and prosecuted to the fullest extent of the law."

On Monday, the FBI and the US Cybersecurity and Infrastructure Security Agency warned American defense companies and critical infrastructure operators of the “need for increased vigilance” against Iranian state-sponsored or affiliated attacks – especially those with ties to Israeli research and defense firms.

"Based on the current geopolitical environment, Iranian-affiliated cyber actors may target US devices and networks for near-term cyber operations," including possible ransomware attacks in coordination with known operators who offer affiliate services, the advisory said.

Blast from the past

‘Robert’ is the same cyber actor known for distributing a prior batch of emails to US journalists in the lead-up to the November 2024 US presidential election, which had also included emails from Chief of Staff Wiles.

Besides Wiles, the emails, some of which were authenticated by Reuters at the time, included correspondence between Trump and lawyers representing Robert F. Kennedy Jr., the former presidential candidate-turned-US-Health-Secretary, and appeared to show some sort of financial arrangement between the two.

Other material included a discussion of settlement negotiations with Stormy Daniels, as well as Trump campaign communication about Republican office-seekers, Reuters said.

Donald Trump's personal attorney, Michael Cohen & adult film star, Stormy Daniels outside of federal court in Lower Manhattan. Image by A. Katz/Shutterstock

After distributing the emails to the media in 2024, ‘Robert’ told Reuters – which had been in communication with the cybercriminal gang again this May – that they were now “retired” and did not plan to take further action with the alleged stolen cache.

But since the Israeli air campaign against Tehran and the US bombing of Iran’s three nuclear sites on June 21st, Reuters said the group had “resumed communication.”

The group reportedly told Reuters it was “organizing a sale of stolen emails” and wanted the agency to “broadcast this matter."

Proof Iranian hackers are mobilizing?

Also mentioned in Monday’s CISA threat advisory was the 2024 “hack-and-leak” operation believed to be carried out by the cyber actors known as Robert.

Last September, the US Justice Department indicted three employees of Iran’s Islamic Revolutionary Guard Corps (IRGC) in connection with the leak, claiming the hackers' goal was to undermine the US elections.

The IRGC cyber actors were accused of hacking into the accounts of “current and former US officials, members of the media, nongovernmental organizations, and individuals associated with US political campaigns.”

On June 30th, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) and other US defense agencies released a warning for American companies to watch out for attacks against US critical infrastructure by Iranian-affiliated cyber actors. Image by Cybernews.

Still, the stolen communications Robert released had little effect on the election, possibly being overshadowed by China’s Salt Typhoon, the Beijing nation-state actors blamed for breaching multiple US telecoms and gaining access to phone records between Trump and then-running mate JD Vance, among other campaign staffers.

Iranian cyberespionage expert and American Enterprise Institute scholar Frederick Kagan told the outlet on Monday that because of the serious damage to Iran’s nuclear sites and defense capabilities, Iranian spies were more likely to retaliate in ways that do not draw more US or Israeli action.

"A default explanation is that everyone's been ordered to use all the asymmetric stuff that they can that's not likely to trigger a resumption of major Israeli/U.S. military activity," he said. "Leaking a bunch more emails is not likely to do that."

Meanwhile, US Homeland Security officials had issued an initial advisory warning about low-level Iranian cyberattacks targeting US critical infrastructure last Monday.

Ariel Parnes, former Colonel of the Israel Defense Forces’ 8200 Cyber Unit and now COO and co-founder of Mitga, told Cybernews that "Over the past few years, Iran has used cyber as a reliable tool of retaliation, targeting hospitals, utilities, and government systems across the US, Europe, and the Middle East."

“These operations aren’t random. They’re calculated, low-cost moves designed to create disruption, project power, and signal intent,” Parnes said.

The advisory further warned of Iranian hackers' past targeting of US water and wastewater facilities, specifically by exploiting an Israeli-manufactured Unitronics programmable logic controller (PLC) – a component commonly used in many industrial automation systems, including automotive manufacturing, food processing plants, and the petrochemical industry.

CISA has not commented on the latest threats by the 'Robert' group.
