Iranian hackers have breached tank monitoring systems at gas stations across the United States, marking the latest escalation in Tehran's cyber warfare campaign against American critical infrastructure, according to U.S. officials and security researchers.
The cyberattack, first detected last week, compromised automated tank gauges that monitor fuel levels and detect leaks at thousands of service stations nationwide. While the breach has not disrupted fuel supplies, security officials warn that it demonstrates Iran's growing capability to target systems that underpin daily American life.
"We have high confidence that this activity is attributable to Iranian state-sponsored actors," said Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, in a statement Thursday. "This is part of a broader pattern of malicious cyber activity by Iran against U.S. critical infrastructure."
Echoes of Colonial Pipeline
The targeting of fuel infrastructure inevitably recalls the May 2021 Colonial Pipeline ransomware attack, which caused widespread fuel shortages along the East Coast and led to panic buying and price spikes. That attack, attributed to a Russian cybercriminal group, demonstrated the vulnerability of aging infrastructure to digital threats.
However, the Iranian operation differs in both method and apparent intent. Rather than deploying ransomware for financial gain, the hackers appear to have been conducting reconnaissance—mapping systems, identifying vulnerabilities, and positioning themselves for potential future attacks.
John Hultquist, chief analyst at Google Cloud's Mandiant intelligence team, said the campaign bears the hallmarks of cyber units previously linked to attacks on infrastructure.
