Hackers linked to Iran may be responsible for breaches of computer systems that monitor fuel at gas stations across the United States, officials said Friday. In some cases, the intruders tampered with display readings after exploiting automatic tank gauge systems that were online but not password protected.
Officials said there has been no physical damage and no altered fuel levels so far, but the breach showed how a fuel leak could go completely undetected. The systems, known as ATGs, are the tank readers iran has now put back in focus because they sit at the center of a lot more than gas stations.
Officials briefed on the matter said they suspect Iranian nationals were behind multiple breaches of the devices. Yossi Karadi, the head of Israel’s National Cyber Directorate, said Iran’s cyber activity since the war that began in late February has shown a significant increase in the scale, speed and integration between cyber operations and psychological campaigns. He added that Iranian actors were under pressure and trying to strike wherever they found an opening in cyberspace.
The timing matters because the warnings about these systems are not new. Bitsight TRACE said in September 2024 that it found multiple critical vulnerabilities across different products from different manufacturers, and warned they could be exploited to cause widespread damage, including physical damage, environmental hazards and economic losses. The company said thousands of ATG systems remain directly accessible over the public internet.
Ben Edwards, who has studied the technology, said ATGs are critical at gas stations, military bases, airports and hospitals. He said the reported activity makes clear the systems are an active target and that the attack surface is larger than most people realize. Edwards said the consequences go well beyond data theft and could include overfilled tanks, disabled safety alarms or physical relays overridden in ways that cause permanent damage to equipment.
The concern is sharpened by how easily the systems can be overlooked. The devices were online but not password protected, giving attackers a path into equipment that is meant to quietly track fuel levels, not broadcast them to the internet. In some cases, hackers were able to alter what operators saw on their screens even if the fuel itself was unchanged.
A report in 2021 said the Islamic Revolutionary Guard Corps had singled out ATGs as potential targets in cyberattacks on gas stations, a warning that now reads less like theory and more like a map. What happens next will depend on whether the breaches stay limited to display tampering or become the opening for deeper attacks on infrastructure that people assume is too small to matter until it fails.
Edwards said the risk is known, documented and demands urgent attention from asset owners and policymakers. For gas station operators and the agencies that watch critical infrastructure, Friday’s disclosures were a reminder that a system built to measure fuel can also become a weak point in the broader grid of everyday life.
