Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsSponsored ContentDevs Got Agentic Workflows. What Did Security Engineers Get?Devs Got Agentic Workflows. What Did Security Engineers Get?May 18, 20264 Min ReadApplication SecurityAttackers Weaponize RubyGems for Data Dead DropsAttackers Weaponize RubyGems for Data Dead DropsbyAlexander CulafiMay 13, 20264 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyberattacks & Data BreachesCyber RiskICS/OT SecurityCybersecurity OperationsNewsFuel Tank Breaches Expand Scope of Iran's Cyber OffensiveSecurity experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.Elizabeth Montalbano,Contributing WriterMay 18, 20264 Min ReadSource: Hakan Gider via Alamy Stock PhotoIranian hackers reportedly breached systems that monitor fuel levels in storage tanks serving gas stations around the US, demonstrating yet again the changing nature of modern warfare and Iran's cyber reach beyond its active military engagement with the US and Israel.Threat actors from Iran allegedly exploited automatic tank gauge (ATG) systems that were exposed online and lacked password protections, according to a report published by CNN Friday that cited sources familiar with the incident. Attackers managed to change display readings on the tanks but not the actual levels of fuel in them, according to the report.For more than a decade, security experts have warned about the risks posed by insecure ATG systems that can be hacked or tampered with by threat actors. Last year, an RSAC Conference 2025 session detailed how an attack on such systems by a skilled threat actor could trigger cascading effects leading to a disruption of critical infrastructure. Related:Congress Puts Heat on Instructure After Canvas OutageIran is the suspected perpetrator of the recent attacks due to its history of targeting gas tank systems, though lack of forensic evidence makes it difficult to identify the attacker with certainty, according to the report. It also makes sense that Iran would be the culprit, given that it's currently engaged in an ongoing conflict with the US and Israel that has resulted in the closure of the Strait of Hormuz — a critical waterway for the transport of oil in the region. Though active military engagement is on pause for now due to a shaky ceasefire, oil prices remain volatile and higher than usual — which, in turn, has caused the price of fuel to rise worldwide, creating disruption for industries and citizens alike.Dark Reading contacted the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) for comment, but neither organization had responded at press time. No Damage from ATG Compromises for NowAt this point, there appears to be no significant disruption to fuel-related critical infrastructure in the US due to the attack. However, the incident is a clear example of "how geopolitical conflict no longer stays confined to traditional battlefields," Louis Eichenbaum, federal chief technology officer (CTO) at security firm ColorTokens, tells Dark Reading via email.Indeed, critical infrastructure already has been both target and pawn in the kinetic war; both Iranian and US/Israeli forces have either targeted or threatened to destroy critical infrastructure in rival countries via cyber or bombing attacks, or both. Related:Cyber Pioneers Ponder Past as PrologueLast month, the US government warned that Iran-affiliated threat actors were disrupting US critical infrastructure through attacks on Internet-exposed operational technology (OT) devices across various sectors. President Trump, meanwhile, has repeatedly threatened to destroy power plants and other infrastructure in Iran if its leaders didn't capitulate to US demands.While neither side has dealt a massive blow yet, even a seemingly "minor" incident like the one reported last week "can send a strategic message: we can reach into your communities and affect daily life," Eichenbaum says.Cyberattacks in general have become commonplace as part of modern military conflict over the past two decades, so the report of the fuel tank-monitor attack is "nothing new to see," says John Gallagher, vice president of Viakoo Labs at Viakoo.Since the beginning of the current conflict — which started on Feb. 28 when the US and Israel bombed Iran — analysts have predicted that Iran would use cyber capabilities against its adversaries, given that it can't evenly match them militarily. As if on cue soon after the war started, Iranian threat groups and other supporters launched a barrage of cyberattacks to support the country's military effort.Related:'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine"Iranian-affiliated actors have shown they can exploit exposed, poorly secured OT systems and use them for disruption, intimidation, and strategic signaling," Eichenbaum says. Be Prepared for AnythingWhat this means is that US critical infrastructure providers need to be prepared to defend against even unsophisticated attacks that target what may seem like insignificant weaknesses, Eichenbaum says. "The most urgent risk is often basic exposure: Internet-facing OT, weak access controls, flat networks, poor visibility, and limited segmentation," he tells Dark Reading. "Strategic defense must focus on resilience, containment, and reducing blast radius."That picture can be helpful to mitigating impact, which can be far greater than those on the physical battlefield and extend well beyond the region where the military conflict is taking place. In critical infrastructure attacks, the stakehholders are, "in theory, everyone," observes Gallagher, who cited the Colonial Pipeline incident as an example of how such an attack can have a ripple effect across large swathes of the population. That attack in May 2021 triggered a fuel shortage and price hikes that prompted four US states along the East Coast to declare a state of emergency.To minimize these disruptive scenarios, critical infrastructure defenders need structured policies that are audited and automated solutions that ensure compliancy, similar to how enterprise organizations handle matters of secrity, he says. In fact, he adds, in the future, "we will likely see OT and IoT systems governed within organizations no differently than IT cybersecurity is."About the AuthorElizabeth MontalbanoContributing WriterElizabeth Montalbano is freelance writer, editor, and  journalist with 30 years of professional experience and a master's degree from Arizona State University. Her areas of expertise include enterprise technology, cybersecurity, business, and culture. During her long career, Elizabeth has lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City. She specializes in news coverage and analysis, using her years of experience to look at the current state of cybersecurity with a critical gaze. She currently resides in a village on the southwest coast of Portugal, where in her free time she enjoys surfing, hiking with her dogs, growing plants, and playing and performing as a singer and musician.See more from Elizabeth MontalbanoWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsHow Security Teams should apply Threat Intelligence into their DefensesYour Guide to Securing AI Adoption in Your OrganizationWhat is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsHow Security Teams should apply Threat Intelligence into their DefensesThurs, June 11, 2026 at 1pm ESTYour Guide to Securing AI Adoption in Your OrganizationTues, June 9, 2026 at 1pm ESTWhat is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?Wed, June 3, 2026 at 1pm ESTThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

Security experts have long cautioned that insecure automatic tank gauge systems exposed online present significant vulnerabilities that threat actors can exploit. This concern was underscored by a recent report suggesting that Iranian hackers successfully breached systems monitoring fuel levels in storage tanks serving US gas stations by exploiting automatic tank gauge systems that lacked proper password protection. Although the attackers were able to alter display readings, the report noted they did not change the actual fuel levels themselves.

This incident highlights how geopolitical conflict transcends traditional battlefields, demonstrating Iran's cyber reach beyond its active military engagements with the United States and Israel. While there is currently no evidence of widespread disruption to US fuel-related critical infrastructure, the event serves as a powerful illustration of how conflicts can impact daily life and economic stability through cyber means. The volatility in oil prices, exacerbated by the ongoing conflict, further contributes to broader industrial and civilian disruption.

The report suggests that Iran is the likely perpetrator due to its history of targeting gas tank systems, especially considering the conflict surrounding the Strait of Hormuz, a vital oil transport route. Furthermore, the broader context indicates that critical infrastructure is vulnerable to being both a target and a pawn in kinetic warfare, as demonstrated by attacks conducted by both Iranian and US/Israeli forces. Even seemingly minor incidents can send strategic messages regarding the ability to affect community life.

Security analysts have noted that cyberattacks targeting operational technology (OT) devices can trigger cascading effects leading to major infrastructure disruption. This threat is amplified because attackers can exploit poorly secured OT systems and use them for strategic signaling. This phenomenon is not new; cyberattacks are now commonplace in modern military conflicts.

The most urgent security challenge for critical infrastructure providers is addressing basic exposure: Internet-facing OT systems, weak access controls, flat networks, poor visibility, and insufficient segmentation. Experts emphasize that strategic defense must prioritize resilience, containment, and reducing the potential blast radius of an attack. The overall impact of such attacks can far exceed physical battlefield damage.

To mitigate these disruptive scenarios, defenders need to implement structured policies and automated solutions that ensure compliance, mirroring the security measures enterprise organizations employ. Looking forward, there is a growing consensus that operational technology and internet of things systems will likely be governed within organizations with the same rigor applied to traditional IT cybersecurity. This necessitates a future where OT and IoT systems are managed with similar oversight as IT security.