CISA warns of cyberattacks targeting fuel tank monitoring systems

https://www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/

Publish Date: 2026-06-03 16:21:00

Source Domain: www.bleepingcomputer.com

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors.

The cybersecurity agency says that ATG systems are commonly used in the Energy, Chemical, Food and Agriculture, and Transportation Systems sectors to remotely monitor storage tank levels, temperatures, and potential leaks.

The US government says threat actors are targeting exposed devices and modifying system settings through command execution.

“The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution,” the advisory states.

According to the agencies, attackers are gaining access through authentication bypass vulnerabilities, hardcoded credentials, operating system command-execution flaws, SQL injection vulnerabilities, and privilege-escalation weaknesses.

If the system is successfully compromised, the attackers can alter network settings, product identifiers, tank volumes, and pump controls. They could also turn off alerts and create conditions that prevent operators from properly monitoring tank fill levels, potentially increasing the risk of leaks or equipment failures.

The agencies urged organizations to block ATG systems from the internet, restrict remote access through firewalls, VPNs, or access control lists, replace default passwords, utilize strong credentials and multifactor authentication, apply security updates, and actively monitor systems for unauthorized changes.

Iranian hackers previously linked to similar activity

While the advisory does not attribute the activity to any specific threat actor, it follows…

Source

CISA warns of cyberattacks targeting fuel tank monitoring systems

https://www.bleepingcomputer.com/news/security/cisa-warns-of-cyberattacks-targeting-fuel-tank-monitoring-systems/

Publish Date: 2026-06-03 16:21:00

Source Domain: www.bleepingcomputer.com

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors.

The cybersecurity agency says that ATG systems are commonly used in the Energy, Chemical, Food and Agriculture, and Transportation Systems sectors to remotely monitor storage tank levels, temperatures, and potential leaks.

The US government says threat actors are targeting exposed devices and modifying system settings through command execution.

“The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution,” the advisory states.

According to the agencies, attackers are gaining access through authentication bypass vulnerabilities, hardcoded credentials, operating system command-execution flaws, SQL injection vulnerabilities, and privilege-escalation weaknesses.

If the system is successfully compromised, the attackers can alter network settings, product identifiers, tank volumes, and pump controls. They could also turn off alerts and create conditions that prevent operators from properly monitoring tank fill levels, potentially increasing the risk of leaks or equipment failures.

The agencies urged organizations to block ATG systems from the internet, restrict remote access through firewalls, VPNs, or access control lists, replace default passwords, utilize strong credentials and multifactor authentication, apply security updates, and actively monitor systems for unauthorized changes.

Iranian hackers previously linked to similar activity

While the advisory does not attribute the activity to any specific threat actor, it follows…

Source