Amid continued tensions between the US and Iran, several US officials now suspect Iranian hackers of being behind a series of breaches of systems that monitor fuel levels in storage tanks serving gas stations in various states.
According to a CNN report on Friday, the hackers responsible, according to sources, exploited the Automatic Tank Meter (ATG) systems that were exposed online and left unprotected passwords. In some cases, this allowed them to change the readings on the tank display, although not the actual fuel levels.
While cyber intrusions typically do not cause physical harm or harm, the breaches have raised security concerns because gaining access to ATG could allow a hacker to trigger a gas leak that officials say could go undetected.
Read also | US takes down ‘cybercrime-as-a-service’ botnets that hijacked 3 million devices
Iranian history focused on gas tank systems
Citing sources briefed on the investigation, CNN said Tehran’s history of targeting gas tank systems is a key reason why the Islamic Republic is considered the prime suspect. However, they added that the US government may not be able to definitively determine who was behind the attack due to the lack of forensic evidence left behind by the hackers.
If confirmed, it would be the latest instance of Tehran targeting critical infrastructure in Washington, which remains beyond the reach of Iranian drones and missiles, amid the US-Iran conflict.
Additionally, it could create a politically sensitive issue for US President Donald Trump’s administration by drawing attention to rising gasoline prices linked to the war. According to a recent CNN poll, roughly 75 percent of US adults believe the Iran war has hurt their financial situation.
Read also | Hackers linked to North Korea breach Axios software, target US firms: Report
A recent hacking warning for critical infrastructure operators?
The hacking campaign also serves as a warning to many US critical infrastructure operators who are struggling to secure their systems despite years of federal guidance and warnings.
Hacking groups in the Islamic Republic are said to be after the low-hanging fruit – exposed US computer systems connected to oil and gas facilities and water infrastructure. After Hamas attacked Israel on October 7, 2023, US officials blamed hackers linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) for a series of hacks into US water utilities where devices used to control water pressure were allegedly altered to display an anti-Israel message.
In addition, cybersecurity researchers have consistently warned against Internet ATGs for more than a decade. In 2015, security firm Trend Micro put fake ATG systems online to see what kinds of hackers would target them. A pro-Iranian group quickly emerged.
In 2021, Sky News cited internal IRGC documents that identified ATG as potential targets for devastating cyber attacks on petrol stations.
Iran steps up cyber operations
While intelligence agencies in Washington have long believed that Tehran’s cyber capabilities are inferior to those of Moscow or Beijing, a recent series of opportunistic intrusions targeting key US assets during the conflict suggests that Iran remains a capable and unpredictable cyber threat.
Since the war began in late February, hackers linked to Iran have reportedly disrupted several U.S. oil, gas and water facilities, delayed supplies at Stryker, a major Washington-based medical device maker, and leaked the private emails of FBI Director Kash Patel.
Read also | Kash Patel’s personal email was compromised by hackers linked to Iran amid the conflict
Tehran’s cyber activity during the war showed “a significant increase in scale, speed and integration between cyber operations and psychological campaigns,” Yossi Karadi, head of Israel’s National Cyber Directorate, told CNN.
If confirmed, the breach would highlight how relatively simple security gaps in industrial control systems, such as the exposed and password-less ATG, remain persistent vulnerabilities in US critical infrastructure.
