Hackers linked to Iran may be behind a string of breaches in the computer systems that monitor fuel at gas stations across the United States, officials said Friday. In some cases, the intruders were able to tamper with display readings on the devices, which were online but not password protected.
Officials said there was no known damage to the systems and no physical harm was reported. But they said the attacks created the possibility that gas leaks could go undetected, because the automatic tank gauge systems were being watched remotely and had been left exposed.
The breaches matter because the devices sit in a narrow but sensitive part of the fuel supply chain. Automatic tank gauges track levels inside station tanks, and officials told the hackers exploited those unprotected systems to reach them. Fuel levels themselves were not altered, but the ability to interfere with the readings raised alarms about what a more determined attacker could do.
The reported intrusions fit into a longer pattern of Iranian-linked cyber activity against U.S. infrastructure. In September 2024, Bitsight TRACE said it had found multiple critical vulnerabilities across products from different manufacturers, warning that such flaws could be used to cause widespread damage, including physical damage, environmental hazards and economic losses. A Sky News report in 2021 said the Islamic Revolutionary Guard Corps had singled out automatic tank gauges as potential targets for cyberattacks on gas stations.
That warning sits against a history that U.S. officials and analysts say has grown more aggressive over time. They broadly agree that many of these operations are carried out by groups linked to the Islamic Revolutionary Guard Corps. Iranian-linked actors have also repeatedly targeted energy, government, healthcare and financial services, and between 2011 and 2013 Iranian hackers carried out a sustained distributed denial-of-service campaign against nearly 50 U.S. financial institutions.
During that same period, an Iranian hacker infiltrated the control system of the Bowman Avenue Dam in Rye Brook, New York. Prosecutors later described that breach as a troubling test case for possible attacks on physical infrastructure, even though it did not cause damage. Analysts often trace Tehran’s more aggressive cyber posture back to the discovery of the Stuxnet virus in 2010.
The latest incident shows how a small security gap can become a larger problem when it touches systems tied to fuel and public safety. The unanswered question now is not whether the devices were vulnerable — officials say they were — but how many more sites were left exposed in the same way.
