Iranian hackers reportedly breached systems that monitor fuel levels in storage tanks serving gas stations around the US, demonstrating yet again the changing nature of modern warfare and Iran’s cyber reach beyond its active military engagement with the US and Israel.
Threat actors from Iran allegedly exploited automatic tank gauge (ATG) systems that were exposed online and lacked password protections, according to a report published by CNN Friday that cited sources familiar with the incident. Attackers managed to change display readings on the tanks but not the actual levels of fuel in them, according to the report.
For more than a decade, security experts have warned about the risks posed by insecure ATG systems that can be hacked or tampered with by threat actors. Last year, an RSAC Conference 2025 session detailed how an attack on such systems by a skilled threat actor could trigger cascading effects leading to a disruption of critical infrastructure.
Iran is the suspected perpetrator of the recent attacks due to its history of targeting gas tank systems, though lack of forensic evidence makes it difficult to identify the attacker with certainty, according to the report. It also makes sense that Iran would be the culprit, given that it’s currently engaged in an ongoing conflict with the US and Israel that has resulted in the closure of the Strait of Hormuz — a critical waterway for the transport of oil in the region.
Though active military engagement is on pause for now due to a shaky ceasefire, oil prices remain volatile and higher than usual — which, in turn, has caused the price of fuel to rise worldwide, creating disruption for industries and citizens alike.
Dark Reading contacted the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) for comment, but neither organization had responded at press time.
No Damage from ATG Compromises for Now
At this point, there appears to be no significant disruption to fuel-related critical infrastructure in the US due to the attack. However, the incident is a clear example of “how geopolitical conflict no longer stays confined to traditional battlefields,” Louis Eichenbaum, federal chief technology officer (CTO) at security firm ColorTokens, tells Dark Reading via email.
Indeed, critical infrastructure already has been both target and pawn in the kinetic war; both Iranian and US/Israeli forces have either targeted or threatened to destroy critical infrastructure in rival countries via cyber or bombing attacks, or both.
Last month, the US government warned that Iran-affiliated threat actors were disrupting US critical infrastructure through attacks on Internet-exposed operational technology (OT) devices across various sectors. President Trump, meanwhile, has repeatedly threatened to destroy power plants and other infrastructure in Iran if its leaders didn’t capitulate to US demands.
While neither side has dealt a massive blow yet, even a seemingly “minor” incident like the one reported last week “can send a strategic message: we can reach into your communities and affect daily life,” Eichenbaum says.
Cyberattacks in general have become commonplace as part of modern military conflict over the past two decades, so the report of the fuel tank-monitor attack is “nothing new to see,” says John Gallagher, vice president of Viakoo Labs at Viakoo.
Since the beginning of the current conflict — which started on Feb. 28 when the US and Israel bombed Iran — analysts have predicted that Iran would use cyber capabilities against its adversaries, given that it can’t evenly match them militarily. As if on cue soon after the war started, Iranian threat groups and other supporters launched a barrage of cyberattacks to support the country’s military effort.
“Iranian-affiliated actors have shown they can exploit exposed, poorly secured OT systems and use them for disruption, intimidation, and strategic signaling,” Eichenbaum says.
Be Prepared for Anything
What this means is that US critical infrastructure providers need to be prepared to defend against even unsophisticated attacks that target what may seem like insignificant weaknesses, Eichenbaum says.
“The most urgent risk is often basic exposure: Internet-facing OT, weak access controls, flat networks, poor visibility, and limited segmentation,” he tells Dark Reading. “Strategic defense must focus on resilience, containment, and reducing blast radius.”
That picture can be helpful in mitigating impact, which can be far greater than that on the physical battlefield and extend well beyond the region where the military conflict is taking place. In critical infrastructure attacks, the stakeholders are, “in theory, everyone,” observes Gallagher, who cited the Colonial Pipeline incident as an example of how such an attack can have a ripple effect across large swathes of the population. That attack in May 2021 triggered a fuel shortage and price hikes that prompted four US states along the East Coast to declare a state of emergency.
To minimize these disruptive scenarios, critical infrastructure defenders need structured policies that are audited and automated solutions that ensure compliance, similar to how enterprise organizations handle matters of security, he says. In fact, he adds, in the future, “we will likely see OT and IoT systems governed within organizations no differently than IT cybersecurity is.”
