The Iranian hacker group accused of targeting both presidential campaigns, and successfully breaching Donald Trump’s, also tried to hack multiple Utah government sites, according to a previously nonpublic state law enforcement notice obtained by NBC News.
The group tried to breach “Utah-based assets including a county in Utah, geological archive data, oil and gas, and other geographical resources related to Utah,” said the notice from the Utah Department of Public Safety Statewide Information and Analysis Center.
The U.S. and allied governments, as well as the Western cybersecurity industry, have long said the hacker group is composed of cyberespionage specialists working for the Islamic Revolutionary Guard Corps.
The Utah department issued the notice July 30, but it has not been publicly disclosed until now. It said the hacking group continued a series of unsuccessful efforts from March 2023 to March 2024.
The Utah department did not disclose precisely which organizations were targeted.
Cybersecurity experts say the disclosure shows how wide-ranging Iran’s cyberespionage operations can be.
“Intel collection is their bread and butter,” said Adam Meyers, the senior vice president of counter adversary operations at the American cybersecurity company CrowdStrike, which has tracked the group since 2013.
The Trump campaign said this month that it had been hacked as part of an Iranian election interference effort, and three American news outlets said they had been emailed stolen documents from the campaign. Both Microsoft and Google have said they have disrupted efforts by the Revolutionary Guard cyberespionage group to hack both parties’ campaigns this year. Google went further, asserting that the group was successful with the Trump campaign and that it continues to target both Trump and Vice President Kamala Harris.
Three U.S. agencies said Monday that Iran was responsible for targeting both parties’ campaigns and breaching the Trump campaign. The Harris campaign has told NBC News it has not been breached.
A spokesperson for Iran’s mission to the United Nations did not respond to an email requesting comment on the Utah hacking attempts. The mission denied it had engaged in any election interference in a statement this week.
“Such allegations are unsubstantiated and devoid of any standing,” the statement read. “As we have previously announced, the Islamic Republic of Iran harbors neither the intention nor the motive to interfere with the U.S. presidential election.”
Utah learned about the hacking attempts on the state in February, the report says, after a federal agency tipped it off.
The Utah Department of Public Safety did not respond to an email requesting further information about the incidents. A spokesperson for the Utah Geological Survey said the organization was unaware of the hacking alert.
Countries with significant cyber capabilities, including Iran, often deploy hackers to try to gather intelligence about other countries. Cybersecurity companies have long tracked this group, which is known as Iran’s most prolific cyberespionage team. Industry analysts told NBC News that it is common, even expected, for it to target both political figures and sources with information about natural resources. Iran has some of the biggest crude oil reserves in the world, according to the CIA World Factbook.
“Generally, oil and gas industries are definitely a known target of the IRGC,” said Sergey Shykevich, the threat intelligence group manager at the Israeli cyber company Check Point.
The Utah law enforcement notice is marked unclassified but “For Official Use Only.” NBC News received it from Property of the People, a nonprofit group devoted to transparency in U.S. national security, which acquired it through an open records request.