CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 18, 2026

Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive

Dark Reading Archived May 18, 2026 ✓ Full text saved

Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.

Full text archived locally
✦ AI Summary · Claude Sonnet


    CYBERATTACKS & DATA BREACHES CYBER RISK ICS/OT SECURITY CYBERSECURITY OPERATIONS NEWS Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors. Elizabeth Montalbano,Contributing Writer May 18, 2026 4 Min Read SOURCE: HAKAN GIDER VIA ALAMY STOCK PHOTO Iranian hackers reportedly breached systems that monitor fuel levels in storage tanks serving gas stations around the US, demonstrating yet again the changing nature of modern warfare and Iran's cyber reach beyond its active military engagement with the US and Israel. Threat actors from Iran allegedly exploited automatic tank gauge (ATG) systems that were exposed online and lacked password protections, according to a report published by CNN Friday that cited sources familiar with the incident. Attackers managed to change display readings on the tanks but not the actual levels of fuel in them, according to the report. For more than a decade, security experts have warned about the risks posed by insecure ATG systems that can be hacked or tampered with by threat actors. Last year, an RSAC Conference 2025 session detailed how an attack on such systems by a skilled threat actor could trigger cascading effects leading to a disruption of critical infrastructure.  Related:Congress Puts Heat on Instructure After Canvas Outage Iran is the suspected perpetrator of the recent attacks due to its history of targeting gas tank systems, though lack of forensic evidence makes it difficult to identify the attacker with certainty, according to the report. It also makes sense that Iran would be the culprit, given that it's currently engaged in an ongoing conflict with the US and Israel that has resulted in the closure of the Strait of Hormuz — a critical waterway for the transport of oil in the region.  Though active military engagement is on pause for now due to a shaky ceasefire, oil prices remain volatile and higher than usual — which, in turn, has caused the price of fuel to rise worldwide, creating disruption for industries and citizens alike. Dark Reading contacted the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) for comment, but neither organization had responded at press time.  LOADING... No Damage from ATG Compromises for Now At this point, there appears to be no significant disruption to fuel-related critical infrastructure in the US due to the attack. However, the incident is a clear example of "how geopolitical conflict no longer stays confined to traditional battlefields," Louis Eichenbaum, federal chief technology officer (CTO) at security firm ColorTokens, tells Dark Reading via email. Indeed, critical infrastructure already has been both target and pawn in the kinetic war; both Iranian and US/Israeli forces have either targeted or threatened to destroy critical infrastructure in rival countries via cyber or bombing attacks, or both.  Related:Cyber Pioneers Ponder Past as Prologue Last month, the US government warned that Iran-affiliated threat actors were disrupting US critical infrastructure through attacks on Internet-exposed operational technology (OT) devices across various sectors. President Trump, meanwhile, has repeatedly threatened to destroy power plants and other infrastructure in Iran if its leaders didn't capitulate to US demands. While neither side has dealt a massive blow yet, even a seemingly "minor" incident like the one reported last week "can send a strategic message: we can reach into your communities and affect daily life," Eichenbaum says. Cyberattacks in general have become commonplace as part of modern military conflict over the past two decades, so the report of the fuel tank-monitor attack is "nothing new to see," says John Gallagher, vice president of Viakoo Labs at Viakoo. Since the beginning of the current conflict — which started on Feb. 28 when the US and Israel bombed Iran — analysts have predicted that Iran would use cyber capabilities against its adversaries, given that it can't evenly match them militarily. As if on cue soon after the war started, Iranian threat groups and other supporters launched a barrage of cyberattacks to support the country's military effort. Related:'FrostyNeighbor' APT Carefully Targets Govt Orgs in Poland, Ukraine "Iranian-affiliated actors have shown they can exploit exposed, poorly secured OT systems and use them for disruption, intimidation, and strategic signaling," Eichenbaum says.  Be Prepared for Anything What this means is that US critical infrastructure providers need to be prepared to defend against even unsophisticated attacks that target what may seem like insignificant weaknesses, Eichenbaum says.  "The most urgent risk is often basic exposure: Internet-facing OT, weak access controls, flat networks, poor visibility, and limited segmentation," he tells Dark Reading. "Strategic defense must focus on resilience, containment, and reducing blast radius." That picture can be helpful to mitigating impact, which can be far greater than those on the physical battlefield and extend well beyond the region where the military conflict is taking place. In critical infrastructure attacks, the stakehholders are, "in theory, everyone," observes Gallagher, who cited the Colonial Pipeline incident as an example of how such an attack can have a ripple effect across large swathes of the population. That attack in May 2021 triggered a fuel shortage and price hikes that prompted four US states along the East Coast to declare a state of emergency. To minimize these disruptive scenarios, critical infrastructure defenders need structured policies that are audited and automated solutions that ensure compliancy, similar to how enterprise organizations handle matters of secrity, he says. In fact, he adds, in the future, "we will likely see OT and IoT systems governed within organizations no differently than IT cybersecurity is." About the Author Elizabeth Montalbano Contributing Writer Elizabeth Montalbano is freelance writer, editor, and  journalist with 30 years of professional experience and a master's degree from Arizona State University. Her areas of expertise include enterprise technology, cybersecurity, business, and culture. During her long career, Elizabeth has lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City. She specializes in news coverage and analysis, using her years of experience to look at the current state of cybersecurity with a critical gaze. She currently resides in a village on the southwest coast of Portugal, where in her free time she enjoys surfing, hiking with her dogs, growing plants, and playing and performing as a singer and musician. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Access More Research Webinars How Security Teams should apply Threat Intelligence into their Defenses What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization? Your Guide to Securing AI Adoption in Your Organization The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace Prompt Injection Is Just the Start: Securing LLMs in AI Systems More Webinars You May Also Like CYBERATTACKS & DATA BREACHES Critical Fortinet Flaws Under Active Attack by Jai Vijayan, Contributing Writer DEC 17, 2025 CYBERATTACKS & DATA BREACHES CISA Warns of 'Ongoing' Brickstorm Backdoor Attacks by Rob Wright DEC 04, 2025 CYBERATTACKS & DATA BREACHES F5 BIG-IP Environment Breached by Nation-State Actor by Alexander Culafi OCT 15, 2025 CYBERATTACKS & DATA BREACHES Jaguar Land Rover Shows Cyberattacks Mean (Bad) Business by Robert Lemos, Contributing Writer OCT 03, 2025 Editor's Choice THREAT INTELLIGENCE From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber byDark Reading Editorial Team MAY 6, 2026 31 MIN READ CYBER RISK Physical Cargo Theft Gets a Boost From Cybercriminals byRobert Lemos MAY 4, 2026 5 MIN READ CYBER RISK NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later byDark Reading Editorial Team APR 28, 2026 Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE LOADING... RSAC 2026: key news & insights At RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much more Get Your Recap Webinars How Security Teams should apply Threat Intelligence into their Defenses THURS, JUNE 11, 2026 AT 1PM EST What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization? WED, JUNE 3, 2026 AT 1PM EST Your Guide to Securing AI Adoption in Your Organization TUES, JUNE 9, 2026 AT 1PM EST The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace WED, JUNE 24,2026 AT 1PM EST Prompt Injection Is Just the Start: Securing LLMs in AI Systems TUES, MAY 26, 2026, AT 1PM EST More Webinars BLACK HAT USA | MANDALAY BAY, LAS VEGAS The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass. GET YOUR PASS
    💬 Team Notes
    Article Info
    Source
    Dark Reading
    Category
    ◇ Industry News & Leadership
    Published
    May 18, 2026
    Archived
    May 18, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗