Nobody is paying the price for it
Iranian hackers exploited unprotected automatic tank gauge systems at US fuel stations, manipulating display readings without affecting actual fuel levels in multiple states. Iran's documented history of targeting fuel infrastructure and recent escalation in cyber operations during the war make it the primary suspect, though definitive attribution remains difficult.
- Iranian hackers exploited unprotected automatic tank gauge systems at U.S. fuel stations across multiple states
- Hackers altered displayed readings but not actual fuel levels in the tanks
- Iran's cyber operations have escalated since the war began in late February, disrupting oil, gas, water facilities, and affecting major manufacturers
- No specialized U.S. team is currently active to detect foreign threats to midterm elections, a first in years
US authorities suspect Iranian hackers infiltrated unprotected fuel tank monitoring systems across multiple states, potentially enabling manipulation of readings and concealment of gas leaks, marking escalating cyber operations during the Israel-Iran conflict.
American authorities are investigating a breach of fuel tank monitoring systems across multiple states, and they believe Iranian hackers are responsible. The intruders exploited automatic tank gauge systems—the devices that track fuel levels at gas stations—that were connected to the internet without password protection. In some cases, the hackers managed to alter the readings displayed on the gauges, though they did not change the actual amount of fuel stored in the tanks themselves.
The breach itself may not have caused physical damage, but it has alarmed security officials and private experts because of what it could enable. If a hacker gains access to one of these monitoring systems, they could theoretically make a fuel leak go undetected. That possibility alone has elevated the concern around what appears to be a coordinated campaign. Multiple sources familiar with the investigation point to Iran's documented history of targeting fuel infrastructure as a key reason the country is the leading suspect. However, investigators acknowledge they may never be able to definitively prove who carried out the attacks, given the lack of forensic evidence left behind.
Iran's cyber operations have intensified dramatically since the war began in late February. Hackers linked to Tehran have disrupted oil, gas, and water facilities across the United States, caused delays in shipments for Stryker, a major American medical device manufacturer, and released private emails belonging to FBI Director Kash Patel. The scale and speed of these operations have surprised American intelligence agencies, which have historically viewed Iran's cyber capabilities as inferior to those of China or Russia. Yossi Karadi, head of Israel's National Cyber Directorate, told CNN that Iranian cyber activity during the war has shown "a significant increase in scale, speed, and integration between cyber operations and psychological campaigns." In March, Israeli forces claimed to have struck a complex housing Iran's "cyber warfare headquarters," though it remains unclear whether the attack killed any Iranian cyber operatives.
Experts tracking Iranian hacking groups have documented a shift in their tactics. Allison Wikoff, director of threat intelligence at PwC, notes that what is "remarkably new" in Iran's cyber playbook is the rapid creation of "good enough" malware, including destructive data-wiping tools, paired with aggressive intrusion and theft campaigns targeting media outlets, dissidents, and critical American infrastructure. The groups operate through personas—one calls itself Handala, after a Palestinian cartoon character—and use Telegram to exaggerate their accomplishments, publish stolen material, and release promotional videos. When Handala claimed to have breached the "impenetrable" systems of the FBI, the group had actually accessed old Gmail accounts belonging to Patel. Yet the claim caused widespread alarm, revealing a gap between the actual threat and public perception.
The fuel tank breach is part of a broader pattern of Iranian cyber aggression that predates the current war. In 2015, security researchers at Trend Micro placed simulated tank gauge systems online to see who would attack them. A pro-Iranian group appeared almost immediately. A 2021 Sky News report cited internal documents from Iran's Islamic Revolutionary Guard Corps identifying tank gauges as potential targets for disruptive cyberattacks on fuel stations. The vulnerability has been known to cybersecurity researchers for more than a decade, yet many operators of critical infrastructure in the United States have struggled to implement basic protections despite years of federal recommendations.
The timing of the breach has raised concerns among current and former American government officials about the upcoming midterm elections. In 2020, federal agencies blamed Iran for a scheme impersonating the far-right group Proud Boys to intimidate voters. During the 2024 presidential election, Iranian hackers breached Trump's campaign and sent internal documents to news organizations. For the first time in years, American military and intelligence officials have not activated a specialized team dedicated to detecting and countering foreign threats to elections—a decision Jason Kikta, a former Cyber Command official, called "strategic negligence." Chris Krebs, who directed CISA in 2020, said he would be surprised if Iran did not participate in the midterm elections. "My bet is on information operations, not attacks on election systems," Krebs told CNN. "That's where the Russians and Chinese have turned, and for good reason. It's cheap, it's easy to scale with AI, and nobody is paying the price for it."
Notable Quotes
"A significant increase in scale, speed, and integration between cyber operations and psychological campaigns" — Yossi Karadi, head of Israel's National Cyber Directorate
"It's cheap, it's easy to scale with AI, and nobody is paying the price for it" — Chris Krebs, former director of CISA
The Hearth Conversation: Another perspective on the story
Why would Iranian hackers target fuel tank monitoring systems specifically? What's the strategic value?
The systems are often unprotected and connected to the internet. But more importantly, access to them could let someone hide a fuel leak—which could cause environmental damage, economic disruption, or worse. It's infrastructure that most people don't think about until it fails.
How confident are investigators that Iran is actually behind this?
Not very. They point to Iran's history of targeting fuel infrastructure and the timing during the war. But the hackers left little forensic evidence. Officials admit they may never be able to prove it definitively.
You mentioned Iran's cyber operations have accelerated. What changed?
The scale and speed. They're using AI to automate reconnaissance and phishing. They're creating malware faster. And they're coordinating cyber attacks with psychological campaigns—exaggerating their successes on Telegram, releasing stolen documents, creating personas that amplify fear.
The article mentions a group called Handala claiming to breach the FBI. Did they actually?
No. They accessed old Gmail accounts belonging to the FBI director. But the claim caused panic anyway. That gap between reality and perception is part of their strategy now.
What worries officials most about this pattern?
Election interference. Iran has done it before. And right now, for the first time in years, the U.S. hasn't set up a specialized team to detect foreign threats to elections. One former official called it strategic negligence.
Why would Iran focus on information operations rather than direct attacks?
Because it works, it's cheap, and it scales easily with AI. And crucially—nobody pays a price for it. There's no military response to a disinformation campaign the way there might be to a physical attack.