The United States Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, NSA, Department of Energy, and other government partners, has issued a warning regarding hackers targeting internet-exposed automatic tank gauge (ATG) systems. These systems are used to monitor fuel and liquid storage tanks in critical infrastructure sectors.
ATG systems are commonly found in sectors such as Energy, Chemical, Food and Agriculture, and Transportation Systems. They are used to remotely monitor storage tank levels and temperatures and to detect potential leaks.
According to the US government, threat actors are focusing on exposed ATG devices and are manipulating system settings through command execution.
“The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution,” the advisory states.
The agencies have identified that attackers are exploiting authentication bypass vulnerabilities, hardcoded credentials, operating system command-execution flaws, SQL injection vulnerabilities, and privilege-escalation weaknesses to gain access.
If a system is successfully compromised, attackers can manipulate network settings, product identifiers, tank volumes, and pump controls. They could also disable alerts and create conditions that hinder operators from effectively monitoring tank fill levels, potentially increasing the risk of leaks or equipment failures.
Organizations are advised to secure their ATG systems by blocking internet access, restricting remote access through firewalls, VPNs, or access control lists, changing default passwords, using strong credentials and multifactor authentication, installing security updates, and actively monitoring for unauthorized changes.
Iranian hackers previously linked to similar activity
While the recent advisory does not attribute the activity to any specific threat actor, previous reports by CNN suggested that Iranian hackers were responsible for breaches involving ATG systems at gas stations in multiple states.
According to CNN, the hackers exploited internet-connected ATG systems with weak passwords, allowing them to access and manipulate display readings. However, they did not alter actual fuel levels.
Although the incidents did not result in physical damage, they raised concerns about potential interference with safety-related functions such as leak detection.
Iran was suspected due to its history of targeting fuel management systems and industrial control technologies. However, investigative sources mentioned limited forensic evidence, making it challenging to attribute the activity to a specific attacker.
CISA and its partners emphasize the importance of reviewing ATG system exposure and promptly implementing recommended security measures to mitigate risks.