US officials believe hackers linked to Iran may be responsible for a wave of cyberattacks targeting fuel storage monitoring systems at gas stations across several American states, according to sources familiar with the investigation.
The attackers reportedly exploited vulnerable Automatic Tank Gauge (ATG) systems that were connected to the internet without password protection. By accessing these systems, hackers were able to manipulate display readings and monitoring data, although there is no evidence they changed actual fuel levels.
While the breaches did not cause physical damage or fuel shortages, cybersecurity experts and US officials warned that such access could create serious safety risks. In theory, hackers with control of ATG systems could prevent operators from detecting fuel leaks or other hazardous issues.
Investigators say Iran is among the primary suspects because of its long history of targeting critical infrastructure and fuel-related systems. However, officials cautioned that a definitive attribution may be difficult due to limited forensic evidence left behind by the attackers.
The US Cybersecurity and Infrastructure Security Agency (CISA) has been asked to comment on the incidents, while the FBI declined to provide a statement.
If Iranian involvement is confirmed, the incident would represent another example of Tehran attempting to pressure US infrastructure during heightened tensions linked to the ongoing conflict involving Iran, Israel, and the United States. Analysts say cyberattacks have become an increasingly important tool for Iran because direct military attacks on US soil remain difficult.
The attacks could also create political pressure for the Trump administration, especially as rising fuel prices continue to impact American households. A recent CNN survey found that many Americans believe the conflict with Iran has negatively affected their finances.
Longstanding Warnings About Fuel System Vulnerabilities
Cybersecurity experts have warned for years that internet-connected ATG systems could become easy targets for hackers if left unsecured. In 2015, security company Trend Micro conducted research using mock ATG systems placed online and quickly attracted attention from a pro-Iranian hacking group.
A later report published by Sky News in 2021 cited documents linked to Iran’s Islamic Revolutionary Guard Corps that identified gas station systems as potential cyberattack targets.
Iranian cyber groups have often focused on vulnerable infrastructure systems that are poorly protected, including oil facilities, water utilities, and industrial monitoring networks.
Following the Hamas attack on Israel in October 2023, US officials accused Iran-linked hackers of breaching several American water utilities and displaying anti-Israel messages on water pressure management systems.
Iran’s Cyber Operations Expanding Rapidly
Although US intelligence agencies historically viewed Iran’s cyber capabilities as less advanced than those of China or Russia, recent operations suggest Tehran has become more aggressive and adaptable in cyberspace.
Since the conflict escalated earlier this year, Iran-linked hackers have reportedly disrupted operations at multiple oil, gas, and water facilities in the US. Other incidents included shipping delays affecting medical device manufacturer Stryker and the leak of old personal emails belonging to FBI Director Kash Patel.
Israeli organizations and citizens have also faced intensified cyberattacks during the conflict. At the same time, military cyber operations by both Israel and the US have reportedly been integrated with conventional military actions.
Yossi Karadi, head of Israel’s National Cyber Directorate, told CNN that Iranian cyber activity has significantly increased in scale and speed, combining hacking operations with psychological and information campaigns.
Experts also warn that Iran’s cyber tactics are evolving rapidly. Allison Wikoff, a threat intelligence specialist at PwC, said Iranian groups are now using faster malware development, destructive wiping tools, and aggressive “hack-and-leak” campaigns targeting media organizations, dissidents, and civilian infrastructure.
Rise of “Hacktivist” Personas
Iran-linked hacking groups increasingly operate through online personas that exaggerate their capabilities and spread propaganda through platforms like Telegram.
One such group, calling itself Handala, claimed it had infiltrated FBI systems while mocking FBI Director Kash Patel. However, cybersecurity researchers later determined the hackers had only accessed older Gmail communications rather than secure FBI infrastructure.
Security experts say these campaigns are designed not only to steal information but also to create fear and confusion by amplifying the perceived threat.
Alex Orleans, a cybersecurity researcher at Sublime Security, noted that Iran’s cyber campaigns often generate outsized public reactions even when the actual technical damage is limited.
Concerns Ahead of Future US Elections
Current and former US officials are increasingly worried about Iranian cyber activity ahead of upcoming US midterm elections.
In the 2020 election cycle, federal agencies accused Iran of running intimidation campaigns that impersonated the Proud Boys extremist group. During the 2024 presidential race, Iranian hackers reportedly breached systems linked to Donald Trump’s campaign and leaked internal documents to media outlets.
Experts fear future attacks may focus more on misinformation and influence operations rather than direct attacks on election infrastructure.
Chris Krebs, former director of CISA, warned that AI-powered information warfare could become one of the biggest cybersecurity threats facing future elections because such campaigns are inexpensive, scalable, and difficult to punish effectively.
FAQs
What are Automatic Tank Gauge (ATG) systems?
ATG systems are monitoring devices used at gas stations to track fuel levels, detect leaks, and manage underground storage tanks.
Did the cyberattacks affect fuel supplies?
No, officials said the hackers only manipulated monitoring displays and did not alter actual fuel levels or disrupt fuel distribution.
Why is Iran suspected in the attacks?
US officials point to Iran’s history of targeting fuel systems and critical infrastructure, although investigators say definitive proof may be difficult to obtain.
Were any gas stations physically damaged?
No physical damage or injuries have been reported from the breaches so far.
Why are unsecured ATG systems dangerous?
If hackers gain access, they could potentially hide fuel leaks, interfere with safety monitoring, or create operational disruptions.
Has Iran targeted US infrastructure before?
Yes, US officials have previously linked Iranian hackers to attacks on water utilities, political campaigns, and other infrastructure systems.
Could these attacks impact future elections?
Cybersecurity experts fear Iran may use cyber and information operations to influence future US elections through hacking, misinformation, and propaganda campaigns.
What can operators do to protect fuel monitoring systems?
Experts recommend using strong passwords, removing unnecessary internet access, applying software updates, and monitoring systems for suspicious activity.
Conclusion
The suspected cyberattacks on US fuel monitoring systems highlight the growing threat posed by cyber warfare against critical infrastructure. Although the recent breaches did not result in physical harm, they exposed major weaknesses in internet-connected industrial systems that remain poorly secured.
As geopolitical tensions continue to rise, cybersecurity experts warn that attacks targeting fuel networks, water utilities, and election systems may become increasingly common. The incidents also demonstrate how modern conflicts are extending beyond traditional battlefields into digital infrastructure that millions of people rely on every day.
