Newsletters
U.S. officials suspect Iranian hackers are behind a series of breaches of automatic tank gauge systems at gas stations across multiple U.S. states, CNN reported.
The development was marked as the latest in a string of Tehran-linked cyberattacks on American critical infrastructure since the Iran war began in late February, which also included disruptions at oil, gas, and water facilities; shipping delays at medical device maker Stryker; and the leak of FBI Director Kash Patel's private emails.
According to CNN, the hackers exploited automatic tank gauge systems connected to the internet without password protection, allowing them, in some cases, to alter displayed tank readings but not actual fuel quantities.
The intrusions are not known to have caused physical damage, but cybersecurity experts and U.S. officials warned that access to an Automatic Tank Gauge (ATG) system could theoretically allow a hacker to make a gas leak go undetected.
Iran's history of targeting gas tank systems is described by CNN's sources as a key reason it is the leading suspect. However, a lack of forensic evidence means the U.S. government may not be able to definitively attribute the attacks.
The ATG vulnerability is not new: a 2015 Trend Micro experiment placed mock ATG systems online, and a pro-Iran group quickly engaged with them, CNN noted. A 2021 Sky News report cited internal Islamic Revolutionary Guard Corps (IRGC) documents that specifically identified ATGs as potential targets for a disruptive cyberattack on gas stations.
CNN's broader reporting draws a picture of an Iranian cyber posture that has intensified markedly since February 28. Since the war began, Tehran-linked hackers have caused disruptions at multiple U.S. oil, gas, and water sites; caused shipping delays at Stryker, a major U.S. medical device maker; and leaked private emails from FBI Director Kash Patel, obtained by getting into his personal Gmail account rather than FBI systems, despite "Handala," a pro-Iran hacktivist group, claiming it had breached the FBI's systems.
Yossi Karadi, head of Israel's National Cyber Directorate, told CNN Iran's cyber activity has shown "a significant increase in the scale, speed, and integration between cyber operations and psychological campaigns."
"Iranian actors are under pressure and are trying to strike wherever they find an opening in cyberspace," he added.
Allison Wikoff of PwC's threat intelligence team told CNN Iran's cyber operations "are now accelerating with faster iteration, more layered hacktivist personas, and likely AI-driven scaling for reconnaissance and phishing."
She said, "What was 'notably new in their cyber playbook is the swift creation of 'good-enough' malware, including the destructive wiping types, complemented by assertive hack-and-leak campaigns against media, dissidents, and key civilian infrastructure."
Alex Orleans of Sublime Security, who has tracked Iranian hackers for years, told CNN two factors have limited the scale of damage so far: Iran appears to have lacked sustained lines of access, and the regime's desire to endure "further disincentivizes wanton cyber effects operations."
Set as preferred source
Set as preferred source
2 min read
