The Iranian-affiliated group that successfully hacked former President Donald Trump’s campaign “possibly” targeted infrastructure in Utah, although the state’s Department of Public Safety can’t say for sure.
Last week, several national security and law enforcement agencies confirmed Trump’s claim that Iranian hackers had successfully compromised his campaign. Now, Utah officials said the group, called Mint Sandstorm, could be behind unsuccessful hacking attempts related to Utah’s oil and gas industry and other geological data.
The division analyzed data from March 2023 to March 2024, although that’s not necessarily when the attempts took place. The investigation didn’t find any evidence of a breach.
“Indicators of compromise were researched and possibly tied to the threat actor group Mint Sandstorm, but it is not confirmed that it was this group. So, we cannot confirm the attempts we observed were Mint Sandstorm,” the Utah Department of Public Safety, or DPS, said in a statement to Utah News Dispatch on Monday.
Mint Sandstorm has been active since 2013, targeting Iranian dissidents, journalists, universities and government agencies, according to a report from Microsoft’s Security Insider. According to Meta, the group targeted the campaigns of both Trump and President Joe Biden earlier this year using WhatsApp. Documents hacked from the Trump campaign were later sent to The New York Times, Washington Post and Politico.
In a story published last Friday, NBC News reported the same group attempted to breach “Utah-based assets including a county in Utah, geological archive data, oil and gas, and other geographical resources related to Utah,” citing a leaked DPS document issued on July 30. A spokesperson for the Utah Geological Survey told the news outlet the agency was unaware of any attempted attack.
But DPS on Monday told Utah News Dispatch that the report was partly “inaccurate.”
“Our leaked For Official Use Only report indicated that it could possibly be a threat from the actor group Mint Sandstorm, but we never confirmed the source,” the department said.
Whether the attempted incursion came from Mint Sandstorm or not, it’s fairly common for foreign nations, or groups associated with them, to target state institutions or businesses. Each week, there are hundreds of thousands, if not millions, of hacking attempts and probes linked to other countries, said Jeff Plank, a sergeant with the Utah State Bureau of Investigations who supervises its cybercrime unit.
Mostly they stem from China, Russia and Iran, he said, often interested in critical infrastructure. The state’s water and energy infrastructure and financial system are frequent targets. So are the mining, oil and gas industries.
“They’re always looking to see how they can possibly use that data to harm our critical infrastructure. Oil and gas is definitely one of the big ones,” said Plank, who couldn’t speak specifically to the Mint Sandstorm report.
And while one million attempts in a single week may seem like a lot, Plank said foreign governments or government-affiliated groups write programs allowing them to launch repeated, automated attacks.
“Those numbers add up pretty quickly. And it’s a way to probe, reach and look into things and see if they can get from one network to the next,” Plank said. “The idea is a well-balanced attack and they’re going to go after every single infrastructure that they can.”
Those “probes” are often exploratory, but they can yield big results with potentially dangerous or damaging consequences, especially when they target critical infrastructure.
“All of a sudden you might find that you’re able to turn off a valve, or turn up the temperature,” said Plank.
Hackers also routinely target Utah networks in hopes of gaining access to federal data. In 2013, when the National Security Agency built its data center in Bluffdale, Plank said the state saw an increase in what he called “interest from various nation states.”
“Utah in general saw a lot more interest and visits by foreign IPs when that was happening, and still today. Some people think there’s a backdoor here, where they can go through the state network and get to the NSA,” he said.
Plank reminded Utahns on Monday to take a few simple, minimal steps to protect themselves from cybercrime:
Make sure your computer’s operating system is up to date.
Create new and complex passwords.
Use two-factor authentication.
Back up your sensitive data offline.
Be skeptical of emails from strangers that could be phishing attempts.
If you have employees, have them undergo cybersecurity training.
“That should save most people a lot of headaches,” Plank said.
Utah News Dispatch is part of States Newsroom, a nonprofit news network supported by grants and a coalition of donors as a 501(c)(3) public charity. Utah News Dispatch maintains editorial independence. Contact Editor McKenzie Romero for questions: info@utahnewsdispatch.com. Follow Utah News Dispatch on Facebook and X.