RSS

CISA warns of cyberattacks targeting fuel tank monitoring systems

openbin_kng1 pts0 comments

CISA warns of cyberattacks targeting fuel tank monitoring systems

Home<br>News<br>Security<br>CISA warns of cyberattacks targeting fuel tank monitoring systems

CISA warns of cyberattacks targeting fuel tank monitoring systems

By Lawrence Abrams

June 3, 2026

04:21 PM

CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across various critical infrastructure sectors.

The cybersecurity agency says that ATG systems are commonly used in the Energy, Chemical, Food and Agriculture, and Transportation Systems sectors to remotely monitor storage tank levels, temperatures, and potential leaks.

The US government says threat actors are targeting exposed devices and modifying system settings through command execution.

"The recent malicious cyber activity observed by the authoring organizations—which the U.S. government has not yet attributed to a nation-state or threat actor group—involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution," the advisory states.

According to the agencies, attackers are gaining access through authentication bypass vulnerabilities, hardcoded credentials, operating system command-execution flaws, SQL injection vulnerabilities, and privilege-escalation weaknesses.

If the system is successfully compromised, the attackers can alter network settings, product identifiers, tank volumes, and pump controls. They could also turn off alerts and create conditions that prevent operators from properly monitoring tank fill levels, potentially increasing the risk of leaks or equipment failures.

The agencies urged organizations to block ATG systems from the internet, restrict remote access through firewalls, VPNs, or access control lists, replace default passwords, utilize strong credentials and multifactor authentication, apply security updates, and actively monitor systems for unauthorized changes.

Iranian hackers previously linked to similar activity

While the advisory does not attribute the activity to any specific threat actor, it follows CNN reporting in May that Iranian hackers were behind a series of breaches involving ATG systems at gas stations in multiple states.

According to CNN, the attackers exploited ATG systems that were connected to the internet and protected by weak or nonexistent passwords, allowing them to access and manipulate display readings. However, the attackers did not alter the actual fuel levels.

The incidents reportedly did not cause physical damage, but raised concerns that attackers could potentially interfere with leak detection and other safety-related functions.

CNN reported that Iran was the primary suspect because of its history of targeting fuel management systems and other industrial control technologies.

However, CNN reports that multiple sources briefed on the investigation said it may not be possible to attribute the activity to a specific attacker, as there was limited forensic evidence left behind in the attacks.

CISA and its partners said organizations operating ATG systems should review their exposure and implement recommended mitigations immediately to reduce the risk of compromise.

The Validation Gap: Automated Pentesting Answers One Question. You Need Six.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.<br>This guide covers the 6 surfaces you actually need to validate.

Download Now

Related Articles:

Iranian hackers targeted major South Korean electronics maker<br>Foxconn confirms cyberattack claimed by Nitrogen ransomware gang<br>Canvas login portals hacked in mass ShinyHunters extortion campaign<br>MuddyWater hackers use Chaos ransomware as a decoy in attacks<br>PowerSchool hacker claims they stole data of 62 million students

Automatic tank gauges

Cyberattack

Fuel

Industrial Control Systems

Iran

Lawrence Abrams

Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies.

Previous Article

Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Popular Stories

Critical Windows Netlogon RCE flaw now exploited in attacks

Microsoft fixes outage affecting MFA setup, MySignIn service

Microsoft Exchange Online outage causes email delays, failures

Sponsor Posts

33% Rise in Healthcare Credential Theft in 2025: What you need to know

SecAlerts: real-time vulnerability...

systems tank fuel targeting cisa monitoring

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini

Agent Memory: An Anatomy

brgsk17 ptsmemory library user agent semantic libraries
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.