Back

CISA Alerts on Cyberattacks Targeting U.S. Automatic Tank Gauge Systems

Severity: High (Score: 74.0)

Sources: Cybersecuritynews, Gbhackers, Bleepingcomputer

Published: 2026-06-03 · Updated: 2026-06-03

Keywords: cisa, department, warns, cyberattacks, targeting, tank, gauge

Severity indicators: rat, cyberattack

Summary

CISA, alongside multiple U.S. agencies, has issued a warning about ongoing cyberattacks targeting automatic tank gauge (ATG) systems across the United States. These systems are crucial for monitoring fuel and liquid storage in sectors like energy, chemicals, and transportation. Attackers are exploiting vulnerabilities such as authentication bypass, hardcoded credentials, and SQL injection flaws to gain unauthorized access. Once compromised, they can alter critical parameters, disable alerts, and manipulate system settings, posing risks of operational disruptions and environmental hazards. The advisory does not currently attribute these attacks to any specific nation-state or group, but highlights the need for immediate action to secure ATG systems against internet exposure. Organizations are urged to implement strong credentials, restrict remote access, and monitor for unauthorized changes. Key Points: • CISA warns of cyberattacks on automatic tank gauge systems critical to U.S. infrastructure. • Attackers exploit vulnerabilities like authentication bypass and SQL injection to gain access. • Organizations are advised to secure ATG systems by blocking internet access and using strong credentials.

Detailed Analysis

**Impact** Automatic Tank Gauge (ATG) systems across the United States in the Energy, Chemical, Food and Agriculture, and Transportation sectors are affected. These systems monitor fuel and liquid storage tank levels, temperatures, and leak detection. Successful compromises can lead to manipulation of tank volumes, product identifiers, pump controls, and disabling of alerts, increasing the risk of operational disruptions, environmental damage, and safety hazards. No confirmed physical damage or data exfiltration has been reported. **Technical Details** Attackers exploit internet-exposed ATG systems using authentication bypass, hardcoded/default credentials, operating system command execution vulnerabilities, SQL injection flaws, and privilege escalation techniques. The threat actors remotely execute commands to alter system configurations and backend databases. Commonly targeted TCP ports include 8001, 9001, and 10001. No specific malware or CVEs were identified, and no confirmed attribution to nation-state or threat groups has been made. **Recommended Response** Immediately block direct internet access to ATG systems by restricting access via firewalls, VPNs, or access control lists. Change all default and hardcoded credentials and implement phishing-resistant multi-factor authentication where possible. Apply the latest security patches and updates from certified service providers. Enable continuous monitoring with logging and auditing to detect unauthorized access and abnormal behavior, and report incidents promptly to CISA.

Source articles (4)

  • CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems — Gbhackers · 2026-06-03
    The Cybersecurity and Infrastructure Security Agency (CISA), alongside the FBI, NSA, Department of Energy, EPA, TSA, Department of Transportation, and USDA, has issued a joint warning ongoing cyberatt…
  • CISA Warns of Cyberattacks Targeting U.S. Tank Gauge Systems — Gbhackers · 2026-06-03
    The Cybersecurity and Infrastructure Security Agency (CISA), alongside the FBI, NSA, Department of Energy, EPA, TSA, Department of Transportation, and USDA, has issued a joint warning ongoing cyberatt…
  • CISA and Partners Warns of Cyberattacks Targeting U.S. — Cybersecuritynews · 2026-06-03
    A serious wave of cyberattacks is now targeting a piece of infrastructure that most people never think . Automatic Tank Gauge systems, commonly known as ATG systems, are used across the United States…
  • CISA warns of cyberattacks targeting fuel tank monitoring systems — Bleepingcomputer · 2026-06-03
    CISA, the FBI, the NSA, the Department of Energy, and other US government partners are warning that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and l…

Timeline

  • 2026-06-03 — CISA issues warning about ATG system attacks: CISA and other agencies alert that hackers are targeting ATG systems used in critical infrastructure sectors.
  • 2026-06-03 — Reported vulnerabilities exploited in ATG systems: Attackers are using authentication bypass, hardcoded credentials, and SQL injection to compromise ATG systems.

Related entities

  • Data Breach (Attack Type)
  • Ransomware (Attack Type)
  • Sql Injection (Attack Type)
  • Iran (Country)
  • United States (Country)
  • CWE-269 - Improper Privilege Management (Cwe)
  • CWE-287 - Improper Authentication (Cwe)
  • CWE-78 - OS Command Injection (Cwe)
  • CWE-798 - Use of Hard-coded Credentials (Cwe)
  • Cwe-89 - SQL Injection (Cwe)
  • connections.to (Domain)
  • Chemical (Industry)
  • Energy (Industry)
  • Food And Agriculture (Industry)
  • Transportation (Industry)
  • T1059 - Command and Scripting Interpreter (Mitre Attack)
  • T1068 - Exploitation for Privilege Escalation (Mitre Attack)
  • T1190 - Exploit Public-Facing Application (Mitre Attack)
  • Apache ActiveMQ (Platform)
  • Ivanti Neurons For ITSM (Platform)
  • GitHub Actions (Tool)
  • The Gentlemen Ransomware Group (Ransomware Group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed