This post is also available in:
עברית (Hebrew)
A new wave of cyber activity from Iran-linked hackers has emerged, with the group responsible for the 2024 U.S. election email leaks reportedly gearing up for another round of data dumps. The hackers, known as “Robert,” are said to have acquired approximately 100GB of sensitive email correspondence, primarily involving former U.S. President Donald Trump and his close associates. Among the newly exposed individuals are high-profile figures like White House Chief of Staff Susie Wiles, Trump’s attorney Lindsey Halligan, adviser Roger Stone, and even Stormy Daniels, the actress involved in a long-standing legal dispute with Trump.
In an ongoing exchange with Reuters, “Robert” stated that they are considering selling the emails but have yet to confirm details about the potential buyers or the contents of the documents. The FBI has warned that anyone involved in leaking such sensitive material would face full legal consequences.
The hacking group “Robert” first gained attention in 2024 for leaking a batch of emails ahead of the U.S. presidential elections. These included sensitive correspondence involving Trump and his legal team, as well as settlement discussions with Daniels. According to Reuters, Despite initially claiming retirement from hacking activities, the group resumed operations after tensions between Israel and Iran escalated in June 2025, with Iranian cybercriminals seemingly retaliating against Israeli airstrikes on Tehran and U.S. air raids targeting Iran’s nuclear sites.
The resurgence of the hacker group comes as the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a fresh warning to U.S. defense companies and critical infrastructure operators. The advisory emphasized heightened vigilance against Iranian state-sponsored cyber operations, particularly those targeting networks linked to Israeli defense and research firms. Experts believe Iranian-affiliated cyber actors may ramp up attacks, including ransomware campaigns, in coordination with international criminal networks.
The hacker group’s previous efforts had limited impact on the election outcome. However, experts suggest the resumption of “Robert’s” activities signals a broader trend of Iranian retaliation in the form of cyberattacks aimed at the U.S., using asymmetric tactics that avoid direct military confrontation.
This new phase of cyber activity highlights the growing role of cyber espionage and cybercrime in modern geopolitics, with state-affiliated groups using digital warfare to assert influence and respond to geopolitical shifts.
