Iran-linked hackers breached US gas station fuel-tank gauges - online ATG systems with no password protection
US officials believe Iranian-affiliated actors broke into internet-exposed automatic tank gauge (ATG) systems at gas stations across multiple states, then changed the displayed fuel levels without altering the actual amounts. The intrusions caused no shortages, but falsified ATG readings could theoretically hide a real fuel leak. ATGs have been a known soft target for over a decade. The activity tracks with a broader Iranian push during the war that began in late February: disruptions at US oil, gas, and water sites, shipping delays at Stryker, and the leak of FBI Director Kash Patel's emails. Attribution is preliminary because intruders left almost no forensic evidence.
- Check: Inventory ATG and fuel-management endpoints. Search Shodan for your /27s on port 10001 (Veeder-Root) and similar ATG signatures. Pull access logs from internet-reachable OT controllers for unexpected reads or display changes.
- Affected: US fuel retailers and distributors operating ATG systems (Veeder-Root, Franklin Electric INCON, Gilbarco) exposed to the internet with weak credentials. Same pattern applies to water utilities and other internet-facing ICS endpoints.
- Fix: Remove ATG and OT management interfaces from the public internet. Put them behind VPN with MFA, segment OT from IT networks, and document manual gauging procedures for outages.
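For the Check step, one way to match an exposure-scan export against your own address blocks (an added example, not part of the original brief). It assumes one JSON record per line with `ip_str` and `port` fields, as in a Shodan JSON export; the blocks and records below are constructed from documentation address ranges.

```python
import ipaddress
import json

# Constructed inventory: the /27 blocks your organisation owns.
OWNED_BLOCKS = ["192.0.2.0/27", "198.51.100.32/27"]
# Port 10001 is the Veeder-Root ATG port named above; add others you identify.
ATG_PORTS = {10001}

# Constructed sample export, including a duplicate and malformed records.
SAMPLE_EXPORT = """\
{"ip_str": "192.0.2.14", "port": 10001}
{"ip_str": "192.0.2.14", "port": 443}
{"ip_str": "192.0.2.14", "port": 10001}
{"ip_str": "198.51.100.40", "port": "10001"}
{"ip_str": "198.51.100.70", "port": 10001}
{"ip_str": "not-an-address", "port": 10001}
truncated line {
"""


def exposed_atg_hosts(export_text, owned_blocks=OWNED_BLOCKS, ports=ATG_PORTS):
    """Return sorted, de-duplicated (ip, port, block) tuples for owned
    addresses that the export shows answering on an ATG port."""
    networks = [ipaddress.ip_network(block) for block in owned_blocks]
    hits = set()
    for line in export_text.splitlines():
        if not line.strip():
            continue
        try:
            record = json.loads(line)
            addr = ipaddress.ip_address(record["ip_str"])
            port = int(record["port"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: skip it rather than abort the audit
        if port not in ports:
            continue
        for net in networks:
            if addr in net:  # False on IPv4/IPv6 mismatch, so mixed lists are safe
                hits.add((str(addr), port, str(net)))
    return sorted(hits)


if __name__ == "__main__":
    for ip, port, block in exposed_atg_hosts(SAMPLE_EXPORT):
        print(f"{ip}:{port} is internet-visible (owned block {block})")
```

Each hit is an address to take off the public internet under the Fix step and a controller whose access logs should be pulled first.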