WASHINGTON — U.S. officials are investigating a wave of cyber intrusions targeting fuel monitoring systems at gas stations across multiple states, with investigators suspecting Iranian-linked hackers exploited weakly secured infrastructure to manipulate digital fuel readings, according to multiple sources familiar with the probe, May 16, 2026.
Authorities say the hackers accessed internet-connected automatic tank gauge (ATG) systems that were left unprotected by passwords, raising alarms over potential blind spots in critical safety systems, even though no physical fuel disruption has been confirmed.
Iran gas station hack: How the breach unfolded
Officials say the attackers gained entry to ATG systems used to monitor underground fuel storage levels and altered display readings without changing actual fuel quantities. The systems, widely used across the U.S. fuel retail network, were reportedly exposed to the internet without basic security protections.
While the manipulation did not result in physical damage or service outages, cybersecurity analysts warned that compromised ATG systems could, in theory, prevent detection of hazardous leaks or other emergencies, raising broader infrastructure safety concerns.
The FBI and the Cybersecurity and Infrastructure Security Agency have not publicly attributed the campaign, but sources said Iran’s history of targeting industrial control systems is a key factor in why investigators are focusing on Tehran-linked actors.
“Iran’s history of targeting gas tank systems is one reason the country is a top suspect,” one source briefed on the investigation said, adding that attribution remains uncertain due to limited forensic evidence.
Iran-linked hackers and a growing infrastructure threat
Security experts say the incident fits a broader pattern of Iranian cyber activity aimed at critical infrastructure systems, including energy, water, and industrial controls. Recent federal advisories have warned that such attacks are increasingly focused on operational technology systems that are often outdated or poorly secured.
In this case, investigators say the attackers exploited internet-facing devices commonly deployed across fuel station networks, highlighting long-standing concerns about exposed industrial systems that were never designed for direct online access.
Officials emphasized that while the breaches did not alter physical fuel levels, the manipulation of monitoring data alone presents operational risks, especially in emergency response scenarios.
Iran has previously been linked—through attribution claims and intelligence assessments—to disruptive cyber activity against energy infrastructure in the region. A similar campaign in 2023 saw widespread disruption of Iran’s own fuel distribution network, with hackers reportedly knocking out a large share of gas stations across the country.
Pattern of escalation in cyber operations
The latest U.S. investigation comes amid a broader escalation in cyber operations attributed to Iranian-linked groups, which have increasingly targeted industrial systems beyond traditional espionage or data theft.
Cybersecurity analysts note that past incidents suggest a shift toward disruptive tactics aimed at both physical infrastructure and public confidence. In previous cases, Iranian-affiliated groups have been associated with attacks on transportation systems, manufacturing operations, and energy networks worldwide.
Experts say the ATG breaches underscore a recurring vulnerability: legacy industrial systems being connected to the internet without adequate safeguards.
Federal agencies have recently warned that such weaknesses could be exploited not only for manipulation of readings but also to obscure real-world hazards, potentially delaying emergency response actions.
Iran gas station hack raises national security concerns
Although officials stress that no physical harm has been reported in the current incident, the implications have raised concern within U.S. security circles. The ability to interfere with fuel monitoring systems—even without altering actual fuel supply—represents a growing hybrid threat combining cyber intrusion with critical infrastructure exposure.
Investigators are continuing to trace the origin of the attacks, and officials caution that definitive attribution may remain difficult. However, the incident is expected to intensify scrutiny of industrial cybersecurity standards across the U.S. energy sector.
For now, agencies are focusing on securing exposed ATG systems and preventing similar intrusions, as concerns grow that future attacks could escalate from data manipulation to physical disruption.
