VYPR
breach · Published May 18, 2026 · 1 source

Iranian Hackers Exploit Insecure Fuel Tank Monitoring Systems in US Critical Infrastructure Attack

Iran-linked threat actors have exploited unsecured automatic tank gauge systems to tamper with fuel level readings at US gas stations, expanding the scope of Iran's cyber offensive amid ongoing military conflict.

Iranian hackers have breached systems that monitor fuel levels in storage tanks serving gas stations across the United States, according to a report published by CNN on Friday. The attackers exploited automatic tank gauge (ATG) systems that were exposed online and lacked password protections, allowing them to change display readings on the tanks, though not the actual fuel levels. The incident underscores how geopolitical conflict is increasingly spilling into the digital realm, targeting critical infrastructure in ways that can disrupt daily life.

The compromised ATG systems are industrial IoT devices widely used in fuel storage and distribution networks. Security experts have warned for over a decade about the risks posed by these insecure systems, which often lack basic authentication and are directly connected to the internet. Last year, a session at RSAC Conference 2025 detailed how a skilled attacker could manipulate ATG readings to trigger cascading effects, potentially leading to supply chain disruptions or operational chaos.

Iran is the suspected perpetrator due to its history of targeting gas tank systems, though the lack of forensic evidence makes attribution difficult. The attack aligns with Iran's pattern of using cyber capabilities to compensate for its military disadvantages against the US and Israel. Since the conflict began on February 28, when the US and Israel bombed Iran, Iranian threat groups have launched a barrage of cyberattacks. Last month, the US government warned that Iran-affiliated actors were disrupting critical infrastructure through attacks on internet-exposed operational technology devices.

At this point, there appears to be no significant disruption to fuel-related critical infrastructure in the US from this specific incident. However, the attack sends a strategic message, according to Louis Eichenbaum, federal CTO at security firm ColorTokens. "Even a seemingly 'minor' incident can send a strategic message: we can reach into your communities and affect daily life," he told Dark Reading. The attack demonstrates how critical infrastructure has become both a target and a pawn in modern warfare, with both Iranian and US/Israeli forces threatening or executing cyber and kinetic attacks on each other's infrastructure.

The incident highlights the urgent need for critical infrastructure providers to defend against even unsophisticated attacks targeting seemingly insignificant weaknesses. Eichenbaum emphasized that the most urgent risks are basic exposures: internet-facing OT, weak access controls, flat networks, poor visibility, and limited segmentation. "Strategic defense must focus on resilience, containment, and reducing blast radius," he said.

John Gallagher, vice president of Viakoo Labs, noted that cyberattacks have become commonplace in modern military conflict, so the fuel tank monitor attack is "nothing new to see." However, he pointed to the Colonial Pipeline incident in May 2021 as an example of how such attacks can have ripple effects across large populations, triggering fuel shortages and price hikes. To minimize these scenarios, critical infrastructure defenders need structured, audited policies and automated compliance solutions, similar to enterprise IT security practices.

The attack serves as a stark reminder that as geopolitical tensions escalate, the boundaries between traditional battlefields and civilian infrastructure continue to blur. With oil prices already volatile due to the closure of the Strait of Hormuz, any disruption to fuel distribution could have immediate economic consequences. The Department of Homeland Security and CISA had not responded to requests for comment at press time.

Synthesized by Vypr AI