Hackers believed to be affiliated with Iran have reportedly launched cyberattacks against automatic tank gauge (ATG) systems used to monitor underground fuel tanks at gas stations nationwide. Federal officials, as cited in a CNN report, indicated that while there is no evidence of actual fuel supply alteration or distribution disruption, the activity raises significant concerns regarding infrastructure safety and national security. The incidents highlight ongoing vulnerabilities in critical U.S. infrastructure and the persistent threat posed by state-sponsored cyber actors.
The targeted ATG systems are essential for tracking fuel levels, managing inventory, and detecting leaks at thousands of gas stations across the country. Investigators discovered that some of these systems were connected to the internet without adequate password protection, allowing intruders to gain unauthorized access. In certain instances, hackers were able to manipulate digital displays, though the direct impact on physical fuel infrastructure remains unconfirmed. Authorities have issued warnings that falsified readings could potentially mask dangerous fuel leaks or create other critical safety hazards for both consumers and infrastructure operators.
While U.S. investigators suspect the involvement of hackers linked to Iran, officials have not yet publicly attributed the attacks to a specific Iranian government agency. These reported breaches contribute to a growing body of evidence and concerns within Washington regarding Iran’s expanding cyber capabilities and its consistent efforts to target critical infrastructure both domestically and abroad.
This is not the first instance of alleged Iranian cyber activity targeting American systems. In 2016, the U.S. Department of Justice charged seven Iranian hackers, reportedly connected to the Islamic Revolutionary Guard Corps (IRGC), with orchestrating cyberattacks against dozens of American banks between 2011 and 2013. The same group was also accused of infiltrating the control system of the Bowman Avenue Dam in Rye Brook, New York, an incident that marked one of the earliest known Iranian-linked cyber intrusions into U.S. infrastructure.
Cybersecurity firms have consistently warned about the evolving nature of Iranian cyber threats. Dragos, a cybersecurity company, reported in 2019 that Iranian hacking groups were increasingly focusing on operational technology systems, including those tied to pipelines, utilities, oil facilities, and manufacturing operations. More recently, in 2022, Mandiant, another cybersecurity firm, noted that Iranian state-linked groups were employing more aggressive tactics, such as ransomware, credential theft, and destructive malware, against U.S. infrastructure operators.
The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have repeatedly cautioned critical infrastructure operators that Iranian hackers routinely scan the internet for poorly protected industrial control systems. In late 2023, the United States Department of the Treasury issued a warning about hackers tied to Iran’s Revolutionary Guard targeting water utilities and other infrastructure systems using internet-connected devices produced by Unitronics. Many of these attacks, federal agencies noted, exploited weak passwords and outdated cybersecurity protections, underscoring a persistent vulnerability.
The Cybersecurity and Infrastructure Security Agency (CISA) has consistently highlighted that numerous fuel, water, and utility systems nationwide remain vulnerable due to continued reliance on aging software and legacy industrial equipment. This reliance creates exploitable weaknesses that malicious actors, including state-sponsored groups, can leverage.
Beyond U.S. borders, Iranian-linked cyberattacks have also targeted energy infrastructure. Western officials and cybersecurity researchers attributed the 2012 Shamoon cyberattack against Saudi Aramco to Iranian actors. This attack notoriously wiped data from approximately 30,000 company computers, with Saudi officials describing it as one of the most destructive cyberattacks ever launched against the global energy industry. Iran has consistently denied involvement in many of the cyberattacks attributed to it by Western governments and cybersecurity firms.
These latest reported fuel-system breaches occur amidst escalating tensions between Iran, Israel, and the U.S. American officials have warned that Tehran could increasingly resort to cyber warfare as a strategic response to military or economic pressure, making the defense of critical infrastructure a paramount national security concern.