Exclusive: Hackers have breached tank readers at US gas stations; officials suspect Iran is responsible

2026-05-15T18:40:20.584Z / CNN

By Sean Lyngaas

Updated May 15, 2026, 3:15 PM ET

PUBLISHED May 15, 2026, 2:40 PM ET

A person fuels his vehicle at a gas station on April 6 in Miami.

Joe Raedle/Getty Images

US officials suspect Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple states, according to multiple sources briefed on the activity.

The hackers responsible have exploited automatic tank gauge (ATG) systems that were sitting online and unprotected by passwords, allowing them in some cases to tinker with display readings on the tanks but not the actual levels of fuel in them, the sources said.

The cyber intrusions are not known to have caused physical damage or harm, but the breaches have raised safety concerns because gaining access to an ATG could, in theory, allow a hacker to make a gas leak go undetected, according to private experts and US officials.

The sources briefed on the investigation said Iran’s history of targeting the gas tank systems is one reason the country is a top suspect. But, the sources cautioned, the US government may not be able to definitively determine who was responsible because of a lack of forensic evidence left by the hackers.

CNN has requested comment on the ATG hack from the US Cybersecurity and Infrastructure Security Agency. The FBI declined to comment.

If Iran’s involvement is confirmed, it would be the latest case of Tehran threatening critical infrastructure in the US homeland, which remains out of reach of Iranian drones and missiles, amid the US and Israeli war with Iran.

It could also raise a politically sensitive issue for the Trump administration by drawing further attention to higher gas prices caused by the war. Seventy-five percent of US adults surveyed in a recent CNN poll said the Iran war had a negative effect on their finances.

The hacking campaign is also a warning to many US critical infrastructure operators who have struggled to secure their systems despite years of federal exhortations.

Iranian hacking groups have long looked for low-hanging fruit — critical US computer systems sitting online that interact with oil and gas sites and water systems, for example. After Hamas attacked Israel on October 7, 2023, US officials blamed hackers affiliated with Iran’s Islamic Revolutionary Guard Corps for a series of attacks on US water utilities that displayed an anti-Israel message on equipment used to manage water pressure.

Cybersecurity researchers have been warning about internet-facing ATGs for over a decade. In 2015, security firm Trend Micro put mock ATG systems online to see what kind of hackers would target them. A pro-Iran group was quick to surface.

A 2021 report from Sky News cited internal documents from the Islamic Revolutionary Guard Corps that singled out ATGs as a potential target for a disruptive cyberattack on gas stations.

Iran’s cyber operations are ‘accelerating’

US intelligence agencies have long considered Iran’s cyber capabilities inferior to those of China or Russia. But a string of opportunistic hacks of key US assets during the war suggests Iran is a capable — and unpredictable — adversary.

Since the war began in late February, Tehran-linked hackers have caused disruptions at multiple US oil and gas and water sites, shipping delays at Stryker, a major US medical device maker, and have leaked the private emails of FBI Director Kash Patel.

Israeli organizations and citizens have also been heavily targeted by Tehran’s hackers during the latest war, while the US and Israeli military have used cyber operations to make their kinetic strikes more lethal.

Iran’s cyber activity during the war has shown “a significant increase in the scale, speed, and integration between cyber operations and psychological campaigns,” Yossi Karadi, head of Israel’s cyber defense agency, the National Cyber Directorate, told CNN.

The Israel Defense Forces in March claimed to have struck a compound housing Iran’s “Cyber Warfare headquarters.” It’s unclear how many Iranian cyber operatives, if any, were killed in that strike.

Karadi would not comment on that matter, citing his agency’s mandate, which is limited to cyber defense.

“That said, from a defensive perspective, in recent months, we are seeing some degradation in parts of the hostile cyber activity,” he said. “The bottom line is that Iranian actors are under pressure and are trying to strike wherever they find an opening in cyberspace.”

The last 18 months have shown that Iran’s cyber operations in general “are now accelerating with faster iteration, more layered hacktivist personas, and likely AI-driven scaling for reconnaissance and phishing,” said Allison Wikoff, a director on PwC’s threat intelligence team with over a decade of experience tracking Iran-based threats.

“What’s notably new in their cyber playbook is the swift creation of ‘good-enough’ malware, including the destructive wiping types, complemented by assertive hack-and-leak campaigns against media, dissidents, and key (US) civilian infrastructure,” Wikoff told CNN.

Part of that Iranian playbook is capitalizing on the wartime footing of an American media quick to pounce on claims made by all sides.

Hackers associated with Iran’s intelligence ministry and paramilitary arm maintain a number of “hacktivist” personas through which they use Telegram to exaggerate their exploits, publish stolen material and release promotional videos spliced to catchy music.

One of the groups, calling itself Handala after a Palestinian cartoon character, taunted Patel while claiming it had breached the FBI’s “impenetrable” computer systems. In reality, the hackers got into Patel’s years-old Gmail emails.

“The fact that every Handala claim leads to people freaking out demonstrates that the operational reality of the threat Iran poses is something that both government agencies and vendors don’t seem to be able to articulate,” said Alex Orleans, a cybersecurity researcher who has tracked Iran-linked hackers for years and leads threat intelligence at security firm Sublime Security.

Despite the string of hacks from Iran during the war, Orleans offered two reasons there haven’t been more.

“The first is that Iran appears to have lacked the lines of access to deliver sustained effects, or we likely would’ve seen more incidents like Stryker,” he told CNN. “The second is that the regime has clearly demonstrated its intention to endure, which further disincentivizes wanton cyber effects operations.”

‘Nobody’s paying a price for it’

For some current and former US officials, the aggressive and unpredictable nature of Iranian cyber operations takes on added significance ahead of the midterm elections.

In the 2020 election, federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), blamed Iran for a scheme that impersonated the far-right Proud Boys to try to intimidate voters. During the 2024 US presidential election, Iranian hackers breached the Trump campaign and sent internal documents from it to news organizations.

Now, for the first election cycle in years, US military and intelligence officials have yet to activate a specialized team dedicated to detecting and thwarting foreign threats to elections — a move that one former Cyber Command official, Jason Kikta, deemed “strategic malpractice.”

“Between what we’ve watched Iran do in this war and what they ran in 2020, I’d be surprised if they sat the midterms out,” said Chris Krebs, who as CISA director in 2020 stood beside then-Director of National Intelligence John Ratcliffe as they warned the American public about Iranian and Russian influence operations.

“My bet is on information operations, not attacks on election systems,” Krebs told CNN. “That’s where the Russians and Chinese have gone, and for good reason. It’s cheap, it’s easy to scale with AI, and nobody’s paying a price for it.”
