American officials suspect Iranian hackers may have breached systems that monitor fuel storage tanks at gas stations across several US states, according to a report by CNN. Investigators said the attackers targeted automatic tank gauge (ATG) systems that were connected to the internet without password protection. Officials said hackers managed to manipulate the numbers displayed on some monitoring screens, but they could not change the actual fuel levels inside the tanks. The incident has raised fresh concerns about the vulnerability of critical infrastructure in the United States amid growing cyber tensions linked to the ongoing US-Israeli conflict with Iran.
Experts Warn of Serious Risks
Cybersecurity experts warned that such attacks could become far more dangerous if hackers gain deeper access to fuel monitoring systems. Officials said attackers could theoretically hide a real gas leak by altering system readings, making it difficult for operators to detect a serious hazard.
Nick Tausek, lead security automation architect at Swimlane, said attackers often exploit poorly protected operational systems. “Gas stations, tank readers, water systems, and industrial controllers may not sound high-profile, but they give attackers a way to turn a technical breach into public confusion and operational stress,” Tausek told Security magazine. He added that many attacks succeed because of “exposed operational technology and weak remote access.”
Fuel Systems Becoming Major Cyber Targets
Ross Filipek, chief information security officer at Corsica Technologies, said fuel infrastructure has become an attractive target for hackers because it directly affects supply chains and public confidence.
“You don’t need to knock out the entire energy sector to create panic,” Filipek told Security magazine. “If fuel access slows, storage readings are manipulated, or operators are forced into manual processes, the impact can quickly move from technical inconvenience to real-world operational risk.”
He warned that large-scale attacks on fuel systems could trigger serious supply chain disruptions and economic pressure across the country. “Operators should be treating these systems as critical infrastructure, not back-office equipment,” Filipek added.
Why Investigators Suspect Iran
According to CNN, investigators consider Iran a leading suspect because Iranian-linked groups have previously targeted similar gas tank monitoring systems. However, officials admitted they may never be able to conclusively identify the attackers because the hackers reportedly left very little digital evidence behind.
If Iran’s involvement is confirmed, it would mark another alleged attempt by Tehran to target critical American infrastructure during the ongoing US-Israeli war. Earlier, an Iran-linked hacking group known as Handala allegedly used Telegram channels to compromise Gmail accounts connected to senior US officials.
The cyber incidents may also create political pressure for the administration of Donald Trump, especially as concerns grow over rising fuel prices linked to tensions around the Strait of Hormuz.
Experts Fear Cyberattacks Could Escalate
Kevin Kirkwood, chief information security officer at Exabeam, described the incident as extremely serious. “This is on the verge of a kinetic cyber attack,” Kirkwood told Security magazine.
He said the attack highlights a growing shift in cyber warfare, where hackers increasingly target operational systems instead of simply stealing data. “This is not really about gas stations,” he said. Kirkwood also warned that the growing use of artificial intelligence and automated digital systems could make future cyberattacks even more dangerous.
“As organisations adopt more AI, agents, and digital workers to automate decisions and operations, the risk grows that compromised data or manipulated systems could trigger larger operational disruptions at machine speed,” Kirkwood said.
Iran’s Cyber Capabilities Expanding Rapidly
American officials said Iran-linked hackers have carried out several disruptive cyber activities since the US-Israeli war on Iran began on February 28.
Yossi Karadi told CNN that Iran’s cyber operations during the conflict have shown “a significant increase in the scale, speed, and integration between cyber operations and psychological campaigns.” Cybersecurity experts also said Iran’s hacking tactics are evolving quickly.
Allison Wikoff, a director on PwC’s threat intelligence team, said Iran’s cyber campaigns are becoming faster and more sophisticated.
“Iran's cyber operations are now accelerating with faster iteration, more layered hacktivist personas, and likely AI-driven scaling for reconnaissance and phishing,” Wikoff told CNN.
She added that Iranian-linked groups are rapidly producing “good-enough” malicious software and launching campaigns to steal and leak data from civilian infrastructure and media organisations.
Gabrielle Hempel, security operations strategist at Exabeam, said future wars will increasingly involve cyber warfare.
“The next war is going to have large portions that are waged online,” Hempel said. “You no longer need to ‘blow something up’ kinetically to create instability.”
She added that attacks on fuel monitoring systems exist in “a gray area between nuisance and legitimate disruption.”