This strategic brief details how Tehran-aligned cyber actors exploit low-level vulnerabilities like default passwords to breach U.S. operational technology, highlighting the critical intersection of industrial control risks and geopolitical influence operations.
The systemic vulnerabilities embedded within Western operational technology demand an immediate, aggressive overhaul of defensive postures to neutralize the escalating threat from Tehran. Iranian hackers have increasingly targeted soft nodes within municipal services, exploiting defensive complacency to achieve disproportionate psychological and operational leverage.
By weaponizing unsecured points of entry, Iranian hackers are shifting their focus from simple data exfiltration toward the disruption of critical national infrastructure, forcing Washington to confront the reality that commercial neglect is now a primary national security threat.
Iranian Hackers Exploit Default Credentials
U.S. officials suspect Iranian hackers are behind the breach of gas station pump displays in several states. The hacks are part of a long-term Iranian campaign targeting U.S. critical infrastructure, including water and transportation systems.
Iran’s cyber activity against U.S. targets has only increased since Washington and Jerusalem went to war against the Tehran regime, and it has concentrated on systems that enable essential services and are all too often left unprotected.
Assessing Threats From Iranian Hackers
The hackers breached tank gauge systems at gas stations in multiple U.S. states. The systems, used to monitor fuel levels, were exposed online with either default passwords or no password protection at all. While the attackers did not affect the actual fuel levels, they interfered with display information, potentially blinding the station owners and operators to gas leaks or empty tanks.
The hacks are yet another example of attempts by Iran-aligned hacking groups to compromise U.S. critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA) has warned that Iran-linked hackers are actively exploiting vulnerabilities in industrial control systems across critical infrastructure in the United States. By tampering with system files, the hackers were able to cause disruptions and manipulate displayed information, resulting in operational delays and financial losses.

Exaggerating Capabilities of Iranian Hackers
Iran often oversells the impact of its attacks. In April, for example, the suspected Iranian hacking group known as Ababil of Minab claimed responsibility for an attack on the Los Angeles transit authority. The group claimed to be holding internal systems at risk. While the transit authority confirmed that hackers gained partial access to its systems, the hack did not disrupt bus or light rail service.
The latest attack resembles previous efforts by the hacking group APTIRAN to compromise gas stations in Pennsylvania. APTIRAN, likely affiliated with the Tehran regime’s Islamic Revolutionary Guard Corps (IRGC), claimed to have compromised the same tank gauge systems, posting screenshots that purportedly showed the data it had collected. Ultimately, neither the companies nor law enforcement publicly confirmed that anything had occurred.
Iranian Hackers Weaponize Public Perception
Iranian threat actors, unable to pull off sophisticated operations like their Chinese or Russian counterparts, often fuse their cyber operations with influence operations for maximum societal impact. This approach is persistent across Iran’s military and intelligence agencies, such as the IRGC and the Ministry of Intelligence and Security, both of which run operations via hacktivist front groups. While Iran likely aims to stoke fear, Iranian threat actors can get lucky and hit large or high-profile targets, as demonstrated by their targeting of FBI Director Kash Patel and the attack against medical technology firm Stryker.

Defending Systems Against Iranian Hackers
The systems that Iran is exploiting either have default passwords or none at all. Critical infrastructure owners and operators must install their products with better cybersecurity in mind. The U.S. government should work with critical infrastructure vendors through its Secure by Design initiative to ensure that technology is manufactured with security in mind, such as requiring the user to change the factory password before proceeding with installation. Amid Iran’s increasing cyber aggression against the United States, essential service providers must make themselves much harder targets.
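The two controls this section calls for, a factory-password change that is enforced before a device enters service and an owner-side inventory check for blank or default credentials on exposed devices, can be illustrated in code. The following Python is an added example written for this brief; it is not vendor firmware or any agency's tooling. The device names, the list of factory defaults, the minimum length and the fleet records are all constructed for the illustration.

```python
"""Hypothetical first-boot credential gate and fleet audit for an OT device
such as a tank gauge. Added example, not any vendor's or agency's code."""

from dataclasses import dataclass

# Constructed list of factory defaults. A real vendor would ship the device's
# own default here; an operator would add the defaults of every model deployed.
FACTORY_DEFAULTS = {"", "admin", "password", "123456", "default"}
MIN_LENGTH = 12  # assumed policy value


@dataclass
class Device:
    name: str
    password: str
    internet_exposed: bool
    password_changed: bool = False


def check_password(candidate: str, factory_password: str) -> list[str]:
    """Return every reason the candidate is rejected; an empty list means accepted."""
    reasons = []
    if candidate == factory_password:
        reasons.append("still the factory default")
    if candidate.lower() in FACTORY_DEFAULTS:
        reasons.append("on the list of known default passwords")
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


def first_boot_gate(device: Device, new_password: str, factory_password: str) -> bool:
    """Secure-by-Design behaviour: the device only leaves setup once the factory
    password has been replaced by one that passes check_password()."""
    if check_password(new_password, factory_password):
        return False  # stay in setup mode; the service is not enabled
    device.password = new_password
    device.password_changed = True
    return True


def audit_fleet(devices: list[Device]) -> list[dict]:
    """Owner-side check for the condition the brief describes: devices still
    running with a blank or default password. Internet exposure raises severity;
    an unexposed device with a default password is still reported."""
    findings = []
    for d in devices:
        if d.password == "" or d.password.lower() in FACTORY_DEFAULTS:
            findings.append({
                "device": d.name,
                "issue": "blank password" if d.password == "" else "default password",
                "severity": "high" if d.internet_exposed else "medium",
            })
    return findings


# Constructed fleet records for the illustration.
SAMPLE_FLEET = [
    Device("ATG-store-01", "", internet_exposed=True),
    Device("ATG-store-02", "admin", internet_exposed=True),
    Device("ATG-store-03", "Site03-Gauge-Rotated!", internet_exposed=True, password_changed=True),
    Device("ATG-store-04", "admin", internet_exposed=False),
]

if __name__ == "__main__":
    gauge = Device("ATG-new-unit", "admin", internet_exposed=False)
    print("gate accepts 'admin':", first_boot_gate(gauge, "admin", "admin"))
    print("gate accepts rotated password:",
          first_boot_gate(gauge, "Site17-Gauge-Rotated!", "admin"))
    for f in audit_fleet(SAMPLE_FLEET):
        print(f"{f['severity'].upper():6} {f['device']}: {f['issue']}")
```

The gate refuses the factory password, anything on the known-default list and anything too short, and only then enables the device; the audit runs the same default-password test across an inventory so an operator can find units that were installed before such a gate existed.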