Federal cybersecurity officials are warning that hackers have been actively targeting the automatic tank gauge (ATG) systems used to monitor fuel and other industrial liquids across the United States. The joint advisory—issued by CISA, the FBI, the NSA, the Department of Energy, the EPA, and several other agencies—describes a pattern of malicious activity involving internet‑exposed ATG devices.
What ATG Systems Do
ATG systems are widely deployed in the energy, chemical, food and agriculture, and transportation sectors. They remotely track fuel levels, temperatures, and potential leaks in underground or above‑ground storage tanks. These systems are essential for gas stations, industrial facilities, and even agricultural operations that rely on automated monitoring to maintain safety and continuity.
How Hackers Are Breaking In
According to the advisory, attackers have been exploiting several known weaknesses in ATG devices, including:
- Authentication bypass and hardcoded credentials, allowing unauthorized access to management interfaces.
- Operating‑system command execution and SQL injection, enabling attackers to run arbitrary code or manipulate databases.
- Privilege escalation, granting full administrative control over the device.
Once inside, threat actors have modified system settings, disabled alerts, altered tank readings, and interfered with monitoring functions. Officials warn that such manipulation could disrupt operations or obscure safety issues, though experts note that ATG systems themselves cannot directly cause leaks.
Possible Links to Iran—But No Official Attribution
While the U.S. government has not formally attributed the activity to any specific group, CNN previously reported that Iranian‑linked hackers were suspected in earlier intrusions affecting gas stations in multiple states. Those incidents involved weak or nonexistent passwords on internet‑connected ATG systems. The attackers reportedly manipulated display readings but did not alter actual fuel levels or cause physical damage.
Why the Threat Matters
Security analysts say the targeting of ATG systems reflects a broader trend: hackers are increasingly probing operational technology that bridges digital networks and physical infrastructure. Disruptions to fuel monitoring could affect gas stations, supply chains, agricultural operations, and chemical storage facilities.
Government Recommendations
Federal agencies are urging operators to take immediate steps to secure ATG systems, including:
- Removing ATG devices from direct internet exposure
- Enforcing strong passwords and replacing defaults
- Using VPNs or firewalls to restrict remote access
- Applying security patches
- Monitoring for unauthorized changes or suspicious activity
Officials emphasize that widespread use of ATG systems—and their history of weak security configurations—makes them an attractive target for cyber actors seeking to disrupt critical infrastructure.