Iranian Cyber Actors Target Fuel Storage Monitoring Systems
Exclusive – According to multiple sources, US authorities believe Iranian cyber actors may be responsible for several intrusions into fuel storage monitoring systems. These attacks have affected gas stations across multiple states, targeting the automated tank gauge (ATG) technology used to track fuel levels in underground storage tanks. The perpetrators took advantage of systems that were left exposed online without passwords, allowing them to manipulate digital displays rather than directly altering the physical fuel quantities. While the breaches have not caused tangible damage to infrastructure, they have sparked concerns about potential safety risks, as experts warn that access to ATG systems could theoretically enable undetected gas leaks.
How the Breaches Occurred
The compromised ATG systems, which are designed to monitor fuel levels in real time, were found to be vulnerable to unauthorized access. Hackers exploited this weakness to adjust the readings displayed on fuel storage tanks, though they did not interfere with the actual fuel levels. This method of tampering could mislead drivers and businesses into thinking there is more or less fuel available than there is, potentially leading to inefficiencies or even safety hazards. The incident highlights the growing threat of cyber attacks on critical infrastructure, which remains a key focus for US security agencies.
Historical Context of Iranian Cyber Activities
Officials have noted that Iran’s history of targeting fuel storage systems makes it a likely suspect in these recent breaches. Previous reports suggest that Tehran-linked hackers have long sought out low-hanging targets—systems that are directly connected to energy, water, and oil operations. A 2021 Sky News report cited internal documents from the Islamic Revolutionary Guard Corps that identified ATGs as a strategic target for disruptive cyberattacks. This aligns with the country’s broader efforts to undermine US energy infrastructure, which has been a recurring theme in its cyber operations.
Over the past decade, cybersecurity researchers have repeatedly warned about the exposure of ATG systems to the internet. In 2015, Trend Micro conducted an experiment by simulating ATG systems online to observe which groups would attempt to breach them. A pro-Iranian hacking collective quickly identified and targeted the systems, demonstrating a clear interest in disrupting fuel management processes. This pattern of behavior has continued, with Iran’s cyber units leveraging opportunities to strike at US facilities during periods of heightened conflict.
Implications for US Infrastructure and Energy Sector
The hacking campaign has raised critical questions about the security of US infrastructure. Despite years of federal guidance and warnings, many operators have struggled to implement robust defenses for their systems. The recent breaches underscore the vulnerability of these networks, even as they remain essential to daily operations. For the Trump administration, the situation could become politically sensitive, as the war with Iran has contributed to rising gas prices—a factor that has already drawn public backlash.
A recent CNN poll revealed that 75% of US adults believe the Iran war has negatively impacted their finances. The hacking incidents now add another layer to this concern, as they highlight how foreign adversaries can exploit weaknesses in the energy sector. If confirmed, Iran’s involvement would mark a significant escalation in its efforts to disrupt US critical infrastructure, even as the country’s physical attacks remain limited to regions beyond its reach.
Iran’s Cyber Capabilities and Strategic Goals
US intelligence agencies have long regarded Iran’s cyber capabilities as less advanced than those of China or Russia. However, the recent series of opportunistic hacks has demonstrated a shift in Tehran’s approach. During the war with Iran, Iranian hackers have targeted a wide range of US assets, from oil and gas sites to water utilities and medical device manufacturers. These attacks have been both disruptive and symbolic, often carrying anti-Israel messages to signal ideological alignment.
One notable example occurred in October 2023, when US officials attributed a wave of cyberattacks to hackers affiliated with Iran’s Islamic Revolutionary Guard Corps. These attacks disrupted water utilities, displaying pro-Iran messages on equipment managing water pressure. The pattern suggests that Iran is not only focusing on practical disruptions but also on psychological operations to influence public perception and morale.
Global Cyber Conflict and AI-Driven Tactics
Analysts have noted that Iran’s cyber activities during the war have shown a marked increase in scale and integration with psychological campaigns. Yossi Karadi, head of Israel’s National Cyber Directorate, told CNN that Iran’s cyber operations have become “more layered and faster-moving,” with a likely use of AI to enhance reconnaissance and phishing efforts. This evolution reflects a broader trend in global cyber warfare, where adversaries increasingly rely on technology to amplify their impact.
“The last 18 months have shown that Iran’s cyber operations are now accelerating with faster iteration, more layered hacktivist personas, and likely AI-driven scaling for reconnaissance and phishing,” said Allison Wikoff, a director at the US Cybersecurity and Infrastructure Security Agency.
Meanwhile, the Israel Defense Forces claimed to have struck a compound believed to house Iran’s “Cyber Warfare headquarters” in March. While the exact number of operatives killed in the attack remains unclear, the strike marked a significant countermeasure in the ongoing cyber conflict. Karadi emphasized that his agency’s focus is primarily on defense, though he acknowledged a “degradation in parts of hostile cyber activity” in recent months.
The hacking incidents also serve as a warning for US infrastructure operators. As cyber threats continue to evolve, the need for stronger security measures becomes more urgent. The breaches of ATG systems demonstrate that even seemingly isolated vulnerabilities can be exploited to create broader disruptions. With Iran’s cyber units growing more sophisticated, the US must remain vigilant in protecting its energy and water networks, which are critical to national stability.
Broader Impact of the War on Cybersecurity
The war has intensified the cyber conflict between the US, Israel, and Iran, with each side using digital tools to support kinetic operations. Israeli organizations and citizens have been heavily targeted by Tehran’s hackers, reflecting the adversaries’ strategy to strike at both physical and digital fronts. In response, the US and Israeli militaries have ramped up their own cyber efforts, making attacks more precise and devastating.
While the Trump administration has faced criticism for its handling of the war, the recent cyber breaches could further complicate its position. Higher gas prices, exacerbated by the conflict, have become a key issue for voters, and these attacks may intensify scrutiny of the administration’s policies. The situation also highlights the interconnectedness of cyber and kinetic warfare, as adversaries seek to combine physical and digital strategies to achieve strategic objectives.
As the conflict continues, the role of AI in cyber operations is expected to expand, enabling more efficient and targeted attacks. The hacking of ATG systems is just one example of how Iran has adapted its tactics to exploit weaknesses in the US energy sector. With more sophisticated tools at their disposal, Tehran’s cyber units are likely to continue probing vulnerabilities, making the protection of critical infrastructure a top priority for US officials.
CNN has requested comment from the US Cybersecurity and Infrastructure Security Agency on the ATG breach; the FBI has opted not to respond. This silence may leave room for speculation about the extent of Iran’s involvement, though officials have not ruled it out. The absence of definitive forensic evidence has made it challenging to attribute the attacks with certainty, but the patterns observed so far point strongly toward Iranian actors.
Ultimately, these cyber intrusions underscore the growing threat to US energy infrastructure. As Iran continues to refine its tactics, the potential for more widespread disruptions increases. The case of the ATG breaches serves as a reminder that even in times of war, the digital front remains a critical battleground. The US must now address these vulnerabilities head-on, ensuring its systems are resilient against the evolving strategies of adversaries like Iran.
