Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive
Dark ReadingArchived May 18, 2026✓ Full text saved
Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.
Full text archived locally
✦ AI Summary· Claude Sonnet
CYBERATTACKS & DATA BREACHES
CYBER RISK
ICS/OT SECURITY
CYBERSECURITY OPERATIONS
NEWS
Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive
Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.
Elizabeth Montalbano,Contributing Writer
May 18, 2026
4 Min Read
SOURCE: HAKAN GIDER VIA ALAMY STOCK PHOTO
Iranian hackers reportedly breached systems that monitor fuel levels in storage tanks serving gas stations around the US, demonstrating yet again the changing nature of modern warfare and Iran's cyber reach beyond its active military engagement with the US and Israel.
Threat actors from Iran allegedly exploited automatic tank gauge (ATG) systems that were exposed online and lacked password protections, according to a report published by CNN Friday that cited sources familiar with the incident. Attackers managed to change display readings on the tanks but not the actual levels of fuel in them, according to the report.
For more than a decade, security experts have warned about the risks posed by insecure ATG systems that can be hacked or tampered with by threat actors. Last year, an RSAC Conference 2025 session detailed how an attack on such systems by a skilled threat actor could trigger cascading effects leading to a disruption of critical infrastructure.
Related:Congress Puts Heat on Instructure After Canvas Outage
Iran is the suspected perpetrator of the recent attacks due to its history of targeting gas tank systems, though lack of forensic evidence makes it difficult to identify the attacker with certainty, according to the report. It also makes sense that Iran would be the culprit, given that it's currently engaged in an ongoing conflict with the US and Israel that has resulted in the closure of the Strait of Hormuz — a critical waterway for the transport of oil in the region.
Though active military engagement is on pause for now due to a shaky ceasefire, oil prices remain volatile and higher than usual — which, in turn, has caused the price of fuel to rise worldwide, creating disruption for industries and citizens alike.
Dark Reading contacted the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) for comment, but neither organization had responded at press time.
LOADING...
No Damage from ATG Compromises for Now
At this point, there appears to be no significant disruption to fuel-related critical infrastructure in the US due to the attack. However, the incident is a clear example of "how geopolitical conflict no longer stays confined to traditional battlefields," Louis Eichenbaum, federal chief technology officer (CTO) at security firm ColorTokens, tells Dark Reading via email.
Indeed, critical infrastructure already has been both target and pawn in the kinetic war; both Iranian and US/Israeli forces have either targeted or threatened to destroy critical infrastructure in rival countries via cyber or bombing attacks, or both.
Related:Cyber Pioneers Ponder Past as Prologue
Last month, the US government warned that Iran-affiliated threat actors were disrupting US critical infrastructure through attacks on Internet-exposed operational technology (OT) devices across various sectors. President Trump, meanwhile, has repeatedly threatened to destroy power plants and other infrastructure in Iran if its leaders didn't capitulate to US demands.
While neither side has dealt a massive blow yet, even a seemingly "minor" incident like the one reported last week "can send a strategic message: we can reach into your communities and affect daily life," Eichenbaum says.
Cyberattacks in general have become commonplace as part of modern military conflict over the past two decades, so the report of the fuel tank-monitor attack is "nothing new to see," says John Gallagher, vice president of Viakoo Labs at Viakoo.
Since the beginning of the current conflict — which started on Feb. 28 when the US and Israel bombed Iran — analysts have predicted that Iran would use cyber capabilities against its adversaries, given that it can't evenly match them militarily. As if on cue soon after the war started, Iranian threat groups and other supporters launched a barrage of cyberattacks to support the country's military effort.
Related:'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine
"Iranian-affiliated actors have shown they can exploit exposed, poorly secured OT systems and use them for disruption, intimidation, and strategic signaling," Eichenbaum says.
Be Prepared for Anything
What this means is that US critical infrastructure providers need to be prepared to defend against even unsophisticated attacks that target what may seem like insignificant weaknesses, Eichenbaum says.
"The most urgent risk is often basic exposure: Internet-facing OT, weak access controls, flat networks, poor visibility, and limited segmentation," he tells Dark Reading. "Strategic defense must focus on resilience, containment, and reducing blast radius."
That picture can be helpful to mitigating impact, which can be far greater than those on the physical battlefield and extend well beyond the region where the military conflict is taking place. In critical infrastructure attacks, the stakehholders are, "in theory, everyone," observes Gallagher, who cited the Colonial Pipeline incident as an example of how such an attack can have a ripple effect across large swathes of the population. That attack in May 2021 triggered a fuel shortage and price hikes that prompted four US states along the East Coast to declare a state of emergency.
To minimize these disruptive scenarios, critical infrastructure defenders need structured policies that are audited and automated solutions that ensure compliancy, similar to how enterprise organizations handle matters of secrity, he says. In fact, he adds, in the future, "we will likely see OT and IoT systems governed within organizations no differently than IT cybersecurity is."
About the Author
Elizabeth Montalbano
Contributing Writer
Elizabeth Montalbano is freelance writer, editor, and journalist with 30 years of professional experience and a master's degree from Arizona State University. Her areas of expertise include enterprise technology, cybersecurity, business, and culture. During her long career, Elizabeth has lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City. She specializes in news coverage and analysis, using her years of experience to look at the current state of cybersecurity with a critical gaze. She currently resides in a village on the southwest coast of Portugal, where in her free time she enjoys surfing, hiking with her dogs, growing plants, and playing and performing as a singer and musician.
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management
2025 State of Malware
Access More Research
Webinars
How Security Teams should apply Threat Intelligence into their Defenses
What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?
Your Guide to Securing AI Adoption in Your Organization
The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace
Prompt Injection Is Just the Start: Securing LLMs in AI Systems
More Webinars
You May Also Like
CYBERATTACKS & DATA BREACHES
Critical Fortinet Flaws Under Active Attack
by Jai Vijayan, Contributing Writer
DEC 17, 2025
CYBERATTACKS & DATA BREACHES
CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks
by Rob Wright
DEC 04, 2025
CYBERATTACKS & DATA BREACHES
F5 BIG-IP Environment Breached by Nation-State Actor
by Alexander Culafi
OCT 15, 2025
CYBERATTACKS & DATA BREACHES
Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business
by Robert Lemos, Contributing Writer
OCT 03, 2025
Editor's Choice
THREAT INTELLIGENCE
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
byDark Reading Editorial Team
MAY 6, 2026
31 MIN READ
CYBER RISK
Physical Cargo Theft Gets a Boost From Cybercriminals
byRobert Lemos
MAY 4, 2026
5 MIN READ
CYBER RISK
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
byDark Reading Editorial Team
APR 28, 2026
Want more Dark Reading stories in your Google search results?
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SUBSCRIBE
LOADING...
RSAC 2026: key news & insights
At RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much more
Get Your Recap
Webinars
How Security Teams should apply Threat Intelligence into their Defenses
THURS, JUNE 11, 2026 AT 1PM EST
What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?
WED, JUNE 3, 2026 AT 1PM EST
Your Guide to Securing AI Adoption in Your Organization
TUES, JUNE 9, 2026 AT 1PM EST
The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace
WED, JUNE 24,2026 AT 1PM EST
Prompt Injection Is Just the Start: Securing LLMs in AI Systems
TUES, MAY 26, 2026, AT 1PM EST
More Webinars
BLACK HAT USA | MANDALAY BAY, LAS VEGAS
The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.
GET YOUR PASS