Iran-Linked Hackers Breach U.S. Gas Station Tank Readers, Fuel Data Manipulated

U.S. officials said suspected Iran-linked hackers breached remote “tank reader” systems at gas stations in multiple states, manipulating fuel-level displays but causing no known physical damage or shortages as of Friday. The intrusions targeted automatic tank gauges (ATGs) that were exposed to the open internet, in some cases with no passwords, in an incident that sharpened concerns over the security of U.S. critical infrastructure during wartime with Iran [idahopress].

The breaches were under active investigation, with agencies including the Cybersecurity and Infrastructure Security Agency (CISA) notified; the FBI declined public comment. Officials said the activity fit a pattern of increasingly aggressive Iranian cyber operations that have recently disrupted U.S. oil, gas, water and private-sector networks [idahopress +1].

How Hackers Reached the Gas Station Tank Readers

Investigators said the hackers scanned the internet for ATG devices reachable over common ports and found many “sitting online and unprotected by passwords,” allowing them to log in and alter displayed tank readings remotely [idahopress]. ATGs, widely deployed at gas stations and depots, monitor fuel volume, temperature and possible leaks and can trigger alarms or shutoffs if something goes wrong [rd +1].

Security research over the past decade showed thousands of these devices worldwide remain directly exposed online, often using legacy protocols that were never designed for modern cybersecurity threats. Early work in 2015 found about 5,800 exposed ATGs, including roughly 5,300 in the U.S., while a 2022 scan identified more than 11,000 such systems globally [rd]. More recently, BitSight researchers documented 11 critical vulnerabilities across six ATG models, including command-injection flaws with maximum-severity CVSS scores of 10.0 that could give attackers full control of affected devices [darkreading].

In the latest incident, officials said attackers only manipulated what operators could see on their screens, not the actual fuel in the tanks [idahopress]. But experts warned that the same level of access could, in other circumstances, be used to disable alarms, mask leaks or tamper with safety thresholds, creating the potential for environmental damage or explosions [rd +1].

A Warning Shot for Critical Infrastructure Defenses

The suspected Iranian operation came against a backdrop of escalating cyber activity tied to the conflict, including incidents that disrupted internet access for U.S. oil, gas and water companies between January 2025 and March 2026, according to an FBI report [consumer]. “We have seen both state and non-state actors in Iran pose real risk and show willingness to hurt people through compromising these systems,” said Rob Lee, CEO of industrial cybersecurity firm Dragos [consumer].

Federal agencies and security firms have repeatedly urged fuel retailers to remove ATGs from the public internet, segment operational networks, apply vendor patches and implement stronger authentication [rd +2]. Yet the persistence of vulnerable, decades-old hardware in the field, combined with the cost and logistical burden of replacing it, has slowed progress. Researchers warned that even modest manipulations of fuel data could prompt operators to shut down sites out of caution, risking localized disruptions similar in effect, if not in scale, to the 2021 Colonial Pipeline shutdown [rd +1].

The Bigger Picture

The gas-station breaches underscored how relatively simple techniques—scanning for exposed devices and exploiting weak or missing passwords—could still reach sensitive industrial systems in 2026. While the immediate impact appeared limited, the incident added urgency to calls for stronger baseline protections and possible new regulatory requirements for internet-exposed control systems. As investigations continue, the episode highlighted a central dilemma of modern infrastructure: long-lived, indispensable equipment built for reliability, now operating in a threat environment it was never designed to withstand.