Related videos:
Government officials in the United States suspect that Iranian hackers are behind a series of intrusions into systems that monitor fuel levels in storage tanks supplying gas stations in several states across the country, according to CNN.
The attackers explored automatic tank gauging systems —known by their English acronym ATG— that were connected to the internet and had no password protection.
That vulnerability allowed them, in some cases, to manipulate the readings displayed on the tank screens, although not the actual levels of stored fuel.
So far, there is no evidence that the intrusions have caused physical damage, but the incident has raised serious concerns among the authorities.
Private experts and U.S. officials warn that, in theory, access to an ATG system could allow an attacker to "cause a gas leak without being detected," posing a serious risk to public safety.
Both the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI declined to comment publicly on the incident, according to CNN.
Iran, the main suspect, has a documented history of attacks against this type of system. Sources consulted by CNN stated that "Iran's history of attacking gas tank systems makes it one of the primary suspects."
However, the same sources warned that “the U.S. government might not be able to definitively determine who was responsible due to the lack of forensic evidence left by the hackers.”
The incident occurs in the context of the armed conflict between the U.S. and Israel against Iran, which began on February 28, 2026, severely degrading Tehran's conventional military capacity. According to U.S. Central Command (CENTCOM), the campaign has targeted over 12,300 military objectives within Iranian territory.
In that scenario, cyberattacks represent an alternative means for Iran to threaten critical infrastructure on American soil, which remains beyond the reach of its drones and missiles. If Iranian involvement is confirmed, it would be the latest instance of Tehran acting against targets on the continental U.S. territory.
This episode fits within a broader pattern of Iranian cyber operations. In November 2023, the U.S. and its allies identified the group "Cyber Av3ngers," linked to the Islamic Revolutionary Guard Corps (IRGC), for intrusions against industrial devices in various Western countries. In October 2024, CISA and the FBI issued a specific joint alert regarding the vulnerability of ATG systems connected to the internet without adequate protection.
The most significant precedent on U.S. soil remains the ransomware attack on the Colonial Pipeline in May 2021, attributed to the Russian group DarkSide, which shut down the system for six days and caused fuel shortages in the southeastern United States, affecting 87% of gas stations in Washington D.C.
The case also highlights a persistent vulnerability: critical infrastructure operators in the U.S. "have struggled to protect their systems despite years of federal urging," according to the EFE agency.
Filed under: