A version of this story appeared in the daily Threat Status newsletter from The Washington Times. Click here to receive Threat Status delivered directly to your inbox each weekday.
The FBI said Tuesday that it is investigating a breach linked to suspected Iranian hackers known as “Robert,” claiming to have sensitive material from President Trump’s team.
The shadowy Robert emerged during the 2024 presidential campaign and reportedly hawked information on Mr. Trump’s inner circle to various media outlets.
FBI Director Kash Patel said the bureau takes all threats against the president and his staff with the utmost seriousness.
“Safeguarding our administration officials’ ability to securely communicate to accomplish the president’s mission is a top priority,” Mr. Patel said in a statement. “Anyone associated with this breach of national security will be fully investigated and prosecuted to the fullest extent of the law.”
Earlier this week, Robert told Reuters that it had approximately 100 gigabytes of emails from the accounts of White House Chief of Staff Susie Wiles, Trump adviser Roger Stone, lawyer Lindsey Halligan and adult film actress Stormy Daniels, an opponent of Mr. Trump.
The hackers did not describe the content of the emails they claimed to have amassed, but Reuters said Robert floated the idea of selling the content.
Cybercriminals often use media attention to their exploits to pressure victims and raise the cost of potential extortion.
This is not the first cybersecurity headache Robert has caused.
Last July, Politico said someone identifying as “Robert” contacted the news outlet via an AOL email account and shared a research dossier on J.D. Vance, then Mr. Trump’s running mate.
Other news outlets reported receiving similar material from the same tipster, but the news outlets declined to publish the information. Writer Ken Klippenstein later published the allegedly hacked research dossier on Mr. Vance, now Mr. Trump’s vice president.
The U.S. intelligence community said last year that Iran was responsible for a hack-and-leak operation aimed at Mr. Trump’s campaign. The Justice Department subsequently charged three Islamic Revolutionary Guard Corps employees in September in the hack-and-leak operation.
Whether Robert’s latest claims of amassing sensitive material extend from earlier breaches or newer hacks is unclear.
The Cybersecurity and Infrastructure Security Agency said Robert’s reemergence represents a foreign adversary’s effort to illegally exploit potentially stolen information to distract and divide Americans.
“This so-called cyber ‘attack’ is nothing more than digital propaganda, and the targets are no coincidence,” agency spokeswoman Marci McCarthy said on X. “This is a calculated smear campaign meant to damage President Trump and discredit honorable public servants who serve our country with distinction.”
Ms. Wiles, a potential victim of Robert, is dealing with more than one potential cybersecurity problem.
In May, word spread that someone was impersonating her via text messages and phone calls.
Federal authorities investigated a clandestine effort to imitate Ms. Wiles in communications with top politicians and business executives, according to The Wall Street Journal, which said U.S. officials did not initially believe a foreign government was involved.
Whether the impersonators and Robert have any connection is not publicly known.
Ms. McCarthy said the Trump administration would hunt down the criminal hackers and bring them to justice.
“Let this be a warning to others: There will be no refuge, tolerance or leniency for these actions,” she said.
However, the cybersecurity posture of the Trump administration is facing criticism on Capitol Hill.
Sen. Ron Wyden, Oregon Democrat, wrote to Mr. Patel on Monday to complain that the FBI was not providing effective cybersecurity guidance to government officials and was not taking counterintelligence threats seriously.
“FBI guidance to the Senate, which presumably mirrors its guidance to executive branch officials, has thus far consisted of remedial advice such as not clicking on suspicious links or attachments, not using public Wi-Fi networks, turning off Bluetooth, keeping phone software up to date, and rebooting regularly,” he wrote. “This is insufficient to protect Senate employees and other high-value targets against foreign spies using advanced cyber tools.”
The FBI, Cybersecurity and Infrastructure Security Agency, National Security Agency and Department of Defense Cyber Crime Center published an alert on Monday about cybersecurity threats from Iran.
The agencies said critical infrastructure entities should stay vigilant against Iranian threats and heed specific guidance that the agencies published in a fact sheet Monday.
“Iranian state-sponsored or affiliated threat actors are known to conduct a range of targeted cyber activity to include exploit known vulnerabilities in unpatched or outdated software, compromise internet-connected accounts and devices that use default or weak passwords and work with ransomware affiliates to encrypt, steal and leak sensitive information,” the agencies’ alert said.
Regarding its posture against counterintelligence threats, FBI Deputy Director Dan Bongino published updated details on arrests, cases and open counterintelligence investigations on X. He said 51 foreign intelligence agents had been arrested since the start of 2025, as part of the bureau’s efforts to combat China, Iran, Russia, North Korea and other foreign adversaries.
Iran’s mission to the United Nations did not respond to a request for comment.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.
Please read our comment policy before commenting.