900+ US gas station tank gauges exposed to cyberattacks
▼ Summary
– Over 900 automatic tank gauge (ATG) systems in the U.S., used to monitor fuel and chemical storage, are exposed online and vulnerable to attacks.
– A joint advisory from CISA, FBI, NSA, and others warns critical infrastructure organizations to secure ATG systems against ongoing cyberattacks.
– Threat actors exploit flaws like hardcoded credentials and SQL injection to alter system settings via command execution attacks.
– Successful compromises could disable system alerts, raising risks of leaks, equipment failures, or permanent damage.
– The warning follows reports of Iranian hackers breaching ATG systems at U.S. gas stations, manipulating display readings without altering fuel levels.
More than 900 automatic tank gauge (ATG) systems in the United States remain exposed online, creating a significant cybersecurity risk for critical infrastructure sectors that rely on fuel and chemical storage monitoring. These devices, which track inventory, detect leaks, and ensure regulatory compliance, are vulnerable to ongoing cyberattacks that could disable safety alerts or cause permanent equipment damage.
On Tuesday, a joint advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other federal partners warned critical infrastructure operators to secure these internet-connected systems immediately. The advisory highlighted that threat actors are actively exploiting flaws such as hardcoded credentials, authentication bypasses, SQL injection vulnerabilities, OS command execution weaknesses, and privilege escalation issues to alter system settings.
“The recent malicious cyber activity observed by the authoring organizations,which the U. S. government has not yet attributed to a nation-state or threat actor group,involves cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution,” the advisory stated. Once compromised, attackers can disable system alerts, increasing the risk of leaks, equipment failures, and potentially permanent damage to the tanks.
The Shadowserver Foundation, an internet security watchdog, reported on Thursday that it detected over 1,000 ATG systems exposed online, with 909 of those devices located in the United States. “We added scanning of Automatic Tank Gauge (ATG) systems to our Accessible ICS reporting with 1061 IPs seen on 2026-06-05 (on port 10001/tcp),” Shadowserver said. “This is after weeding out vast majority which appear to be honeypots (including ports 8001/9001).”
To mitigate these risks, CISA recommends that critical infrastructure organizations restrict remote access to ATG systems from the internet as soon as possible. Controlled access should be implemented through firewalls, VPNs, or access control lists. Organizations should also replace default passwords with strong credentials, apply security updates, monitor systems for unauthorized changes, and enable multi-factor authentication where feasible.
This latest warning follows a May report from CNN that Iranian hackers had breached internet-connected ATG systems at multiple U. S. gas stations. The attackers, linked to Iranian hacking groups based on their history of targeting fuel management systems, manipulated display readings without altering actual fuel levels. While no physical damage occurred, the incidents raised alarms about the potential for attacks to disable automated leak detection and other safety functions.
In April, a separate joint advisory from U. S. federal agencies tied Iranian state-backed hackers to attacks on Rockwell Automation/Allen-Bradley PLC devices starting in March 2026, resulting in financial losses and operational disruptions. Cybersecurity firm Censys later reported that 74.6% of such industrial control systems exposed online globally,amounting to 3,891 hosts,were located in the United States.
(Source: BleepingComputer)
