National Cyber Warfare Foundation (NCWF)

SCADA Hacking: Taking Over a Russian Gas Station


2025-08-11 20:46:34
milo
Red Team (CNA)



The post SCADA Hacking: Taking Over a Russian Gas Station first appeared on Hackers Arise.











Welcome back cyberwarriors! We are continuing our series on SCADA exploitation with another successful operation added to the record. This time, our focus shifts to a gas station.





This breach didn’t originate with the gas station itself, but rather through the personal workstation of an administrator who worked at a different company. Low Russian wages and poor digital hygiene are constantly giving us opportunities to gain access to various systems. Many admins take on freelance projects to make ends meet, mixing and exposing sensitive access. Antivirus software alone, no matter how modern, does not qualify as a security strategy, and what we found proves that point conclusively.





Initial Access and Discovery





In July 2025, during routine reconnaissance aimed at a larger target, we found a system belonging to an administrator. The computer in question housed the usual collection of valuable artifacts: plaintext credentials, mail backups, software license keys, browser profiles, and Telegram data. What stood out, however, was a set of AnyDesk links pointing to remote hosts that didn’t match the initial target’s network architecture. After poking around for a bit, we landed inside a live gas station control system.





On the desktop, we found 3D models of the station itself, meaning this administrator had been involved in either the deployment or maintenance of its automation components. Judging by the assets, it was a relatively new facility, likely active for only a few years. Apparently, this administrator had been contracted by the station’s owners to develop and manage it.





























After starting our payload from the gas station, we got a connection to our Command and Control (C2) infrastructure. For those following our toolkit development, a new module has just been added, covering modern usage of Sliver for cyber warfare deployments. After gaining access, we used Chisel to establish a reverse SOCKS proxy, enabling direct lateral movement from our C2 through the target’s internal network.





Fuel Station Control Logic





Most modern fueling stations rely on programmable controllers to manage fuel dispensing, monitor tank levels, and interface with payment systems. In this case, the central logic controller was a DOMS PSS 5000, a widely used automation unit designed to integrate pumps, sensors, and fuel inventory management into a single framework.





The DOMS PSS 5000 is the digital backbone of forecourt operations. It enables real-time control and status monitoring of pumps, tanks, and related systems while providing remote diagnostic capabilities. It is robust and popular, but like any solution it depends on secure configuration.

















Here’s a look at a basic status report from the DOMS controller telemetry.





SCADA





Once our session was live, the cashier’s interface appeared. It had every control you’d expect. We could view detailed transaction logs, print receipts on demand, block fuel dispensers, and even control oil transfer systems.

















Because all four storage tanks were piped together, we had free rein to blend fuels however we liked.

















At the time we connected, each tank was about half full. With a few clicks, we could open valves on any combination of tanks. Customers paying for regular gasoline might actually receive a mix. Combustion problems, clogged fuel filters, injector fouling – you can guess what comes first!

















In practice, we set up a “buy one, get two” promotion. Every customer got double the fuel – one grade paid for, another dumped in for free. It’s the kind of sabotage that starts quietly but leaves a lasting mark.





We’re not done here and this episode isn’t our main goal. We’ll keep monitoring and tweaking things over the next few months. By then the owners will think it’s just bad luck or poor maintenance, never a cyber attack. For now, we’ll let the connection stay alive on our C2 and see how far we can push it.





Summary





We took control of a gas station by exploiting an administrator’s PC. Once inside, we accessed the cashier’s interface and set up a “buy one, get two” scheme, mixing different kinds of gas while customers paid for a single grade. Wiping everything is not always the most efficient tactic, especially when you can damage the reputation of a company and then break the system. The attack remains stealthy and ongoing from our C2, leaving the station clueless about the sabotage.








Source: HackersArise
Source Link: https://hackers-arise.com/scada-hacking-taking-over-a-gas-station/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.