Amid ongoing tensions between the US and Iran, several US officials now suspect Iranian hackers are behind a series of breaches of systems that monitor levels in storage tanks serving gas stations across multiple states.
According to a CNN report on Friday citing sources, those responsible exploited automatic tank gauge (ATG) systems that were exposed online and left unprotected by passwords. In some cases, this allowed them to alter display readings on the tanks, though not the actual fuel levels.
While the cyber intrusions do not typically cause physical damage or harm, the breaches have raised safety concerns because gaining access to an ATG could potentially allow a hacker to trigger a gas leak that might go undetected, according to officials.
Iran’s history of targeting gas tank systems
Citing sources briefed on the investigation, CNN reported that Tehran’s history of targeting gas tank systems is a key reason Iran is being considered a top suspect. However, they added that the US government may not be able to definitively determine who was behind the attack due to a lack of forensic evidence left by the hackers.
If confirmed, this would be the latest case of Tehran targeting critical infrastructure in Washington, which remains out of reach of Iranian drones and missiles, amid the conflict.
It could also create a politically sensitive issue for the US president’s administration by drawing further attention to rising petrol prices linked to the war. According to a recent CNN poll, roughly 75 percent of US adults believe the Iran war has hurt their financial situation.
Recent hacking a warning to critical infrastructure operators?
The campaign also serves as a warning to many US critical infrastructure operators, who have struggled to secure their systems despite years of federal guidance and warnings.
Hacking groups in the Islamic Republic reportedly look for low-hanging fruit: exposed US computer systems linked to oil and gas facilities and water infrastructure. After the October 7, 2023 attack on Israel, US officials blamed hackers affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) for a series of intrusions into US water utilities, where devices used to manage water pressure were reportedly altered to display an anti-Israel message.
Additionally, researchers have consistently warned about internet-facing ATGs for over a decade. In 2015, security firm Trend Micro put mock ATG systems online to observe what kinds of hackers would target them. A pro-Iran group quickly emerged.
In 2021, Sky News cited internal documents from the IRGC that identified ATGs as potential targets for disruptive cyberattacks on gas stations.
Iran ramps up cyber operations
While intelligence agencies in Washington have long believed that Tehran’s cyber capabilities are inferior to those of Moscow or Beijing, a recent series of opportunistic intrusions targeting key US assets during the conflict indicates that Iran remains a capable and unpredictable cyber threat.
Since the war began in late February, Iran-linked hackers have reportedly caused disruptions across several US oil, gas, and water sites, delayed shipments at Stryker, a major medical device maker in Washington, and leaked the private emails of Kash Patel, the FBI director.
During the war, Tehran’s cyber activity has shown “a significant increase in the scale, speed, and integration between cyber operations and psychological campaigns,” Yossi Karadi, head of Israel’s National Cyber Directorate, told CNN.
If confirmed, the breaches would highlight how relatively simple security gaps in industrial control systems, such as exposed and password-free ATGs, remain a persistent vulnerability in US critical infrastructure.
