Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible

Exclusive: Iranian Cyber Actors Target U.S. Gas Station Fuel Monitoring Systems

Exclusive – Multiple U.S. officials have indicated that Iranian hackers are likely responsible for recent cyber intrusions into automatic tank gauge (ATG) systems at gas stations across several states. These systems, which track fuel levels in underground storage tanks, were found to be vulnerable due to their exposure to the internet without password protection. While the hackers managed to alter display readings on some tanks, they did not access the actual fuel levels, according to sources familiar with the investigation.

Targeted Infrastructure and Potential Risks

The breaches, though not causing physical damage or harm, have sparked safety concerns among experts. A single compromised ATG system could, in theory, allow malicious actors to conceal a gas leak, potentially leading to environmental or operational risks. Private cybersecurity analysts and U.S. government officials alike have highlighted this vulnerability, emphasizing the need for stronger defenses in critical infrastructure.

Iran’s history of targeting fuel monitoring systems has made it a prime suspect in the current incident. However, the lack of clear forensic evidence has left officials unable to definitively confirm the country’s involvement. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has been approached for comment, while the Federal Bureau of Investigation (FBI) has chosen not to respond publicly.

Broader Implications of the Cyber Campaign

Confirming Iran’s role in these attacks would mark another instance of the country leveraging its cyber capabilities to disrupt U.S. infrastructure. Despite the absence of direct drone or missile strikes on American soil, the ongoing conflict between the U.S. and Israel on one side and Iran on the other has intensified Iran’s cyber activities, creating a new front in the war. This development could also become a political point for the Trump administration, as it ties into the rising cost of gasoline and public sentiment about the war’s economic impact.

A recent CNN poll revealed that 75% of U.S. adults believe the Iran conflict has negatively affected their personal finances. The attacks on ATG systems have added to this perception, with critics suggesting that Tehran’s cyber operations are becoming more sophisticated and strategically aimed. The incident underscores a growing trend of Iran exploiting weaknesses in critical infrastructure, even as it remains geographically distant from the U.S. mainland.

Historical Context and Cyber Capabilities

Iran’s interest in U.S. energy systems is not new. Cybersecurity researchers have long raised alarms about the accessibility of ATG networks. In 2015, Trend Micro conducted a test by exposing mock ATG systems online, only to discover that a pro-Iran group had already identified them as potential targets. This experiment revealed how Iran’s hackers were eager to find vulnerabilities in systems connected to oil and gas operations.

Further evidence of Iran’s focus on fuel infrastructure emerged in 2021, when Sky News published internal documents from the Islamic Revolutionary Guard Corps (IRGC) that specifically highlighted ATGs as a key area for disruption. These documents outlined strategies for launching cyberattacks that could interfere with fuel distribution, demonstrating a calculated approach to undermining the U.S. energy supply chain.

Despite concerns about Iran’s cyber capabilities, U.S. intelligence agencies have traditionally viewed them as secondary to China and Russia. However, the current wave of attacks has shown Iran’s ability to act opportunistically. Since the conflict began in late February, Tehran-linked hackers have disrupted operations at multiple U.S. oil and gas facilities, delayed shipments at Stryker, a major medical device manufacturer, and even leaked the private emails of FBI Director Kash Patel.

Global Cyber Threats and Strategic Responses

The scope of Iran’s cyber activities has expanded beyond U.S. infrastructure. Israeli organizations and citizens have also been heavily targeted during the war, with Iranian hackers embedding anti-Israel messages into systems managing water pressure. This dual strategy of cyberattacks and psychological warfare has intensified, according to Yossi Karadi, head of Israel’s National Cyber Directorate.

“We are witnessing a significant increase in the scale, speed, and integration between cyber operations and psychological campaigns,” Karadi told CNN. “Iranian actors are under pressure and are trying to strike wherever they find an opening in cyberspace.”

The Israel Defense Forces (IDF) recently claimed to have targeted a compound suspected to house Iran’s “Cyber Warfare headquarters.” While the exact number of Iranian operatives eliminated in the strike remains unclear, Karadi noted that his agency’s mandate is focused on cyber defense, not offensive operations. He described the recent period as one of “degradation in parts of hostile cyber activity,” but stressed that the threat continues to evolve.

Experts like Allison Wikoff, a cybersecurity analyst, have observed a transformation in Iran’s approach to cyber warfare. “The last 18 months have shown that Iran’s cyber operations are now accelerating with faster iteration, more layered hacktivist personas, and likely AI-driven scaling for reconnaissance and phishing,” Wikoff said. This evolution suggests a shift from reactive tactics to a more coordinated and strategic campaign.

Future Threats and Preparedness

As the war escalates, the vulnerability of U.S. critical infrastructure has become a focal point for cybersecurity professionals. The ATG breaches are part of a larger pattern, with Iranian hackers consistently seeking out systems that are inadequately secured. This behavior aligns with their historical strategy of targeting “low-hanging fruit”—systems that are accessible online but lack robust defenses.

The U.S. government has faced criticism for its slow response to securing these systems, despite years of federal urging. With the war intensifying, the need for proactive measures has grown. Experts warn that without stronger safeguards, future attacks could have more severe consequences, including the potential to manipulate fuel distribution or create cascading failures in energy networks.

As Iran’s cyber operations continue to expand, their impact on both U.S. and Israeli targets grows. The integration of psychological elements into these attacks not only undermines operational security but also fuels public unrest. The Trump administration now faces the challenge of addressing these cyber threats while managing the political fallout from the war’s economic toll on American consumers.

For now, the focus remains on determining the extent of Iran’s involvement in the recent ATG breaches. While CISA has been approached for comment, the FBI’s silence adds to the uncertainty. However, the pattern of attacks suggests that Iran is not only capable of targeting U.S. infrastructure but is also doing so with increasing frequency and coordination. This marks a pivotal moment in the cyber dimension of the broader conflict, with implications that extend far beyond the immediate technical breaches.