CISA warns of cyberattacks targeting fuel tank monitoring systems

Why This Matters

The warning highlights a critical cybersecurity vulnerability in fuel and liquid storage monitoring systems, which are vital to various infrastructure sectors. Protecting these systems is essential to prevent potential disruptions, leaks, or safety hazards that could impact public safety and economic stability. This underscores the importance of robust cybersecurity measures in safeguarding critical infrastructure from evolving cyber threats.

Key Takeaways

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors.

The cybersecurity agency says that ATG systems are commonly used in the Energy, Chemical, Food and Agriculture, and Transportation Systems sectors to remotely monitor storage tank levels, temperatures, and potential leaks.

The US government says threat actors are targeting exposed devices and modifying system settings through command execution.

"The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution," the advisory states.

According to the agencies, attackers are gaining access through authentication bypass vulnerabilities, hardcoded credentials, operating system command-execution flaws, SQL injection vulnerabilities, and privilege-escalation weaknesses.

If the system is successfully compromised, the attackers can alter network settings, product identifiers, tank volumes, and pump controls. They could also turn off alerts and create conditions that prevent operators from properly monitoring tank fill levels, potentially increasing the risk of leaks or equipment failures.

The agencies urged organizations to block ATG systems from the internet, restrict remote access through firewalls, VPNs, or access control lists, replace default passwords, utilize strong credentials and multifactor authentication, apply security updates, and actively monitor systems for unauthorized changes.
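
Monitoring for unauthorized changes can be done by comparing each configuration poll against an approved baseline, limited to the setting categories the advisory says attackers modify. The following is an added example, not code from the advisory or the original article; the snapshot layout, section names, and field names are assumptions, and the sample data is constructed.

```python
import copy

# Setting categories the advisory says attackers modify after compromise.
# Section and field names are assumptions, not a vendor format.
WATCHED = {"network": "network settings", "product_ids": "product identifiers",
           "tank_volumes": "tank volumes", "pump_controls": "pump controls",
           "alarms": "alerts"}

def flatten(value, prefix):
    """Turn nested dicts into {'a.b': leaf} so changes are reported per setting."""
    if not isinstance(value, dict):
        return {prefix: value}
    return {p: v for k, sub in value.items()
            for p, v in flatten(sub, f"{prefix}.{k}").items()}

def detect_drift(baseline, current):
    """Return one finding per watched setting that differs from the baseline."""
    findings = []
    for section, label in WATCHED.items():
        old = flatten(baseline.get(section, {}), section)
        new = flatten(current.get(section, {}), section)
        for path in sorted(old.keys() | new.keys()):
            before, after = old.get(path), new.get(path)
            if before == after:
                continue
            # A disabled alert hides other changes from operators: rank it first.
            disabled = section == "alarms" and before is True and after is not True
            findings.append({"path": path, "category": label, "before": before,
                             "after": after, "severity": "critical" if disabled else "high"})
    return sorted(findings, key=lambda f: (f["severity"] != "critical", f["path"]))

# Constructed snapshots: BASELINE is the approved state, CURRENT a later poll.
BASELINE = {
    "network": {"ip": "10.20.0.15", "gateway": "10.20.0.1"},
    "product_ids": {"tank1": "UNLEADED", "tank2": "DIESEL"},
    "tank_volumes": {"tank1": 10000, "tank2": 8000},
    "pump_controls": {"tank1": "auto"}, "display": {"brightness": 7},
    "alarms": {"overfill": True, "leak": True},
}
CURRENT = copy.deepcopy(BASELINE)
CURRENT["product_ids"]["tank2"] = "UNLEADED"
CURRENT["tank_volumes"]["tank2"] = 12000
CURRENT["alarms"]["overfill"] = False
CURRENT["display"]["brightness"] = 3  # outside the watched categories, ignored

if __name__ == "__main__":
    for f in detect_drift(BASELINE, CURRENT):
        print(f"[{f['severity']}] {f['path']}: {f['before']!r} -> {f['after']!r}")
```

A watched section that disappears from a poll is reported as changed rather than skipped, so a truncated or tampered snapshot still raises findings.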

Iranian hackers previously linked to similar activity

While the advisory does not attribute the activity to any specific threat actor, it follows CNN reporting in May that Iranian hackers were behind a series of breaches involving ATG systems at gas stations in multiple states.

According to CNN, the attackers exploited ATG systems that were connected to the internet and protected by weak or nonexistent passwords, allowing them to access and manipulate display readings. However, the attackers did not alter the actual fuel levels.
