In a significant and troubling development, US officials are investigating a series of cyber intrusions into the systems that monitor fuel storage levels at gas stations across multiple states, incidents believed to be the work of Iranian-linked hackers. According to CNN, sources familiar with the probe have identified Iran as the leading suspect in a campaign that targeted automatic tank gauge (ATG) systems widely used in the US fuel retail network.The attacks reportedly focused on ATG units, digital sensors that monitor the amount of fuel stored in underground tanks at service stations. These devices were connected to the internet without basic password protection, creating a vulnerability that unauthorized actors could exploit. Hackers were able to access these unsecured systems remotely and manipulate the displayed fuel levels in some instances, without altering the real fuel volumes held in storage.While there have been no confirmed reports of physical damage, injuries, or fuel shortages linked to these incidents, US officials and cybersecurity experts have expressed grave concerns. One of the fundamental fears is that a compromised ATG could conceal a real gas leak by falsely reporting normal fuel levels, potentially endangering public safety and environmental integrity.Why Iran is the primary suspectCNN pointed to Iran’s historical pattern of probing similar systems as one reason it is viewed as the top suspect in this case. Tehran-linked cyber groups have targeted US infrastructure before, including water pressure systems and other industrial control networks, often during periods of heightened geopolitical tension.Officials acknowledge, however, that definitive attribution remains a challenge. According to sources, the suspected attackers left little forensic evidence, complicating efforts to conclusively tie the intrusions to any specific actors. Iran’s history of ‘hacktivism’In 2015, researchers who deliberately placed mock ATG units online to study scanning behavior reported that a pro-Iran–linked group quickly discovered and interacted with the devices. By 2021, reporting by Sky News cited internal documents attributed to the Islamic Revolutionary Guard Corps (IRGC) that explicitly referenced ATGs as potential cyber targets. Following the October 7 attacks in Israel, IRGC-affiliated hackers were blamed for intrusions into US water utility control systems. In those cases, attackers reportedly altered on-screen messages on equipment used to manage water pressure, replacing operational displays with anti-Israel slogans. Since the start of the broader regional conflict in 2026, US officials and private analysts have linked Iran-aligned cyber activity to disruptions at oil, gas, and water facilities, as well as to shipping delays at the medical device manufacturer Stryker. A recurring name in recent incidents is Handala, an Iran-aligned hacktivist persona that has claimed responsibility for multiple data leaks. Handala asserted it had breached the systems of the Federal Bureau of Investigation after publishing emails belonging to FBI Director Kash Patel. Subsequent reporting indicated the compromise involved older personal Gmail correspondence, not an intrusion into FBI networks.Handala has also turned its attention to Israeli and US military targets. It circulated a list purporting to expose 60 “senior officers” from Israel’s Israel Defense Forces (IDF) Egoz commando unit. Closer examination showed the individuals were largely veterans and reservists whose past service was already publicly visible on social media and professional profiles, reported The Jerusalem Post.A similar “exposé” followed on April 25, when Handala claimed to reveal 100 “senior officers” and “secret agents” from the Maglan unit. The group then shifted to US targets, alleging it had published a roster of US Navy officers and, days later, the names of more than 2,000 Marines deployed to the Middle East.