US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity.
The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them in some cases to tinker with display readings on the tanks but not the actual levels of fuel in them, the sources said.
Read more…
Source: CNN News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Carnegie Mellon University hit by cyberattack, informs 7,300 people possibly affected
January 19, 2024
Carnegie Mellon University informed about 7,300 people that their personal information may have been compromised in an August cyberattack that was quietly investigated by law enforcement and the university. The breach impacting one of the nation’s top schools for computing was acknowledged by the university as higher education in general faces a growing assault by digital ...
- Chinese drones may pose security risks, US agencies warn
January 18, 2024
Chinese-made drones could pose a national security risk to the United States due to laws in China that force companies to provide authorities access to user data, two U.S. agencies say in a new memo. These “unmanned aircraft systems,” or UAS, are often used by operators of critical infrastructure in the United States without regard to ...
- Water and Wastewater Sector – Incident Response Guide
January 18, 2024
Cyber threat actors are aware of – and deliberately target – single points of failure. A compromise or failure of a Water and Wastewater (WWS) Sector organization could cause cascading impacts throughout the Sector and other critical infrastructure sectors. There are many aspects of the large and complex WWS Sector that pose challenges to raising cyber resilience ...
- TA866 returns with a large Email campaign
January 18, 2024
Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume campaign consisting of several thousand emails targeting North America. Invoice-themed emails had attached PDFs with names such as “Document_.pdf” and various subjects such as “Project achievements”. The PDFs contained OneDrive ...
- New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
January 17, 2024
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, Mint Sandstorm used bespoke phishing lures in an attempt to socially engineer targets into downloading ...
- Alleged FruitFly malware creator ruled incompetent to stand trial
January 16, 2024
On January 4, 2017, Case Western Reserve University (CWRU), located in Cleveland, Ohio, became aware of an infection on more than 100 of its computers. The university was notified by an undisclosed third party, who provided information to help the team find and identify the malware. CWRU began working with the FBI, who determined that the ...