
Iranian hackers' ATG cyberattack campaign

Campaign
Happening score
H score 41
1 unique source, 1 article

Summary


Iranian threat groups launched a barrage of cyberattacks after the conflict began, broadening pressure on US gas-station fuel-monitoring systems and signaling continued risk to exposed critical infrastructure. The activity reportedly involved automatic tank gauge (ATG) systems that were reachable online and lacked password protection. Attackers changed display readings without altering actual fuel levels, showing how small OT weaknesses can be used for intimidation and disruption. The reporting says there was no significant disruption to US fuel-related infrastructure at the time, but the operation still demonstrates conflict-linked cyber reach.

Related Happenings

US government warning on Iran-affiliated critical infrastructure disruption risk

Public Sector Action
First: 18.05.2026 18:41 Last: 18.05.2026 18:41 Sources 1

How related: Last month, the US government warned that Iran-affiliated threat actors were disrupting US critical infrastructure through attacks on Internet-exposed operational technology (OT) devices across various sectors.

About this happening: The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

APT28 SOHO router DNS hijacking and credential theft campaign

Campaign
First: 07.04.2026 18:30 Last: 07.04.2026 18:30 Sources 1

About this happening: **APT28** is running **two malicious campaigns** that abuse **vulnerable SOHO routers** and attacker-controlled **DNS/VPS infrastructure** to reroute traffic and steal credentials...

Latest development: 08.04.2026 13:03

On April 7, 2026, the US Department of Justice and the FBI said they neutralized the US portion of APT28’s DNS hijacking network, which spanned more than 23 US states and used compromised SOHO routers, especially TP-Link routers, to redirect traffic through attacker-controlled DNS servers and steal credentials from targeted organizations. The FBI said it was working with ISPs to notify affected users, and court-authorized remediation steps can reset router DNS settings, remove APT28-installed resolvers, and prevent further abuse of the original access path.

NCSC warning on Iranian cyberattack risk for UK organisations

Public Sector Action
First: 02.03.2026 17:54 Last: 02.03.2026 17:54 Sources 1

About this happening: The **UK National Cyber Security Centre (NCSC)** issued a warning about a **heightened risk of Iranian cyberattacks** amid the **Middle East conflict**, urging UK organisations to...

Electrum and Kamicite destructive OT/ICS campaign

Campaign
First: 17.02.2026 23:31 Last: 17.02.2026 23:31 Sources 1

About this happening: A **2025 destructive campaign** tied to **Electrum** and **Kamicite** combined **persistent scanning** with attacks that could disrupt industrial and communications infrastructure...

Timeline

  1. 18.05.2026 18:41 2 articles · 9d ago

    Iranian hackers allegedly breach exposed ATG systems at US gas stations

    Initial Disclosure

    Iranian threat actors allegedly exploited Internet-exposed automatic tank gauge (ATG) systems with no password protections at gas stations around the US, changing display readings on tanks without altering the actual fuel levels. The reporting attributes the activity to Iran while noting that there has been no significant disruption to US fuel-related critical infrastructure so far.
