CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids

Staff Editor 2026-06-03
CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids

CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids

https://www.cybersecuritydive.com/news/cisa-fbi-hackers-targeting-systems-monitor-industrial-fluits/821873/

Publish Date: 2026-06-03 11:47:00

Source Domain: www.cybersecuritydive.com

The Cybersecurity and Infrastructure Security Agency, FBI and other federal authorities warned Tuesday that hackers have targeted automatic tank gauge systems in threat activity across multiple industry sectors.

Tank gauge, or ATG, systems are used to measure temperature, check fuel or other liquid levels and detect leaks, according to guidance released by the agencies. Hackers have targeted internet-exposed devices and used command execution to disable alerts or otherwise obscure the monitoring of these devices. 

Authorities referenced multiple access vectors used to exploit flaws in tank gauge systems: 

  • Authentication bypass and hardcoded credentials allows hackers to gain access to device management interfaces.
  • Operating system command execution and structured query language injection lets hackers execute arbitrary code and manipulate underlying databases. 
  • Privilege escalation allows hackers to gain full administrator privileges over the operating system and the device application.

Federal authorities are urging operators to secure these systems, by disconnecting them from the internet, changing default passwords and applying security patches. 

Iran connection possible

Federal authorities have not attributed the attacks to any specific group, but CNN previously reported an investigation into the hack of ATG systems that serve gas stations in multiple U.S. states. The threat activity is suspected to be connected to Iran-linked hackers, but federal officials are not publicly making that link. 

OT security experts cautioned there are limits to how a hacker might manipulate these devices. 

“A malicious actor could take control of an ATG and disrupt its functions, including leak detection, but they cannot cause a leak with an ATG,” said Markus Mueller, field CISO at Nozomi Networks. “Similarly, a malicious actor could disrupt the ability to fill or use a tank to fill a vehicle.”

Besides use…

Source

More Stories

‘Don’t panic’: AI reality checks dominate major cybersecurity conference

‘Don’t panic’: AI reality checks dominate major cybersecurity conference

Staff Editor 2026-06-03
Robert Herjavec on AI, Cybersecurity and Dreaming Bigger

Robert Herjavec on AI, Cybersecurity and Dreaming Bigger

Staff Editor 2026-06-03
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

Staff Editor 2026-06-03

Terms and Conditions - Privacy Policy