By Sean Lyngaas, CNN
(CNN) — US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity.
The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them in some cases to tinker with display readings on the tanks but not the actual levels of fuel in them, the sources said.
The cyber intrusions are not known to have caused physical damage or harm, but the breaches have raised safety concerns because gaining access to an ATG could, in theory, allow a hacker to make a gas leak go undetected, according to private experts and US officials.
The sources briefed on the investigation said Iran’s history of targeting the gas tank systems is one reason the country is a top suspect. But, the sources cautioned, the US government may not be able to definitively determine who was responsible because of a lack of forensic evidence left by the hackers.
CNN has requested comment on the ATG hack from the US Cybersecurity and Infrastructure Security Agency. The FBI declined to comment.
If Iran’s involvement is confirmed, it would be the latest case of Tehran threatening critical infrastructure in the US homeland, which remains out of reach of Iranian drones and missiles, amid the US and Israeli war with Iran.
It could also raise a politically sensitive issue for the Trump administration by drawing further attention to higher gas prices caused by the war. Seventy-five percent of US adults surveyed in a recent CNN poll said the Iran war had a negative effect on their finances.
The hacking campaign is also a warning to many US critical infrastructure operators who have struggled to secure their systems despite years of federal exhortations.
Iranian hacking groups have long looked for low-hanging fruit — critical US computer systems sitting online that interact with oil and gas sites and water systems, for example. After Hamas attacked Israel on October 7, 2023, US officials blamed hackers affiliated with Iran’s Islamic Revolutionary Guard Corps for a series of attacks on US water utilities that displayed an anti-Israel message on equipment used to manage water pressure.
Cybersecurity researchers have been warning about internet-facing ATGs for over a decade. In 2015, security firm Trend Micro put mock ATG systems online to see what kind of hackers would target them. A pro-Iran group was quick to surface.
A 2021 report from Sky News cited internal documents from the Islamic Revolutionary Guard Corps that singled out ATGs as a potential target for a disruptive cyberattack on gas statio