CISA automatic tank gauge system mitigations
Advisory/Mitigation
Summary
Hide ▲
Show ▼
CISA, FBI, NSA, and the Department of Energy warned that attackers are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage tanks across Energy, Chemical, Food and Agriculture, and Transportation Systems sectors. The activity involves compromise through authentication bypass, hardcoded credentials, command-execution flaws, SQL injection, and privilege escalation, after which attackers can modify network settings, product identifiers, tank volumes, and pump controls, and disable alerts. The agencies urged operators to block ATG systems from the internet, restrict remote access with firewalls, VPNs, or access control lists, replace default passwords, use strong credentials and multifactor authentication, apply security updates, and monitor for unauthorized changes.
Related Happenings
Automatic tank gauge (ATG) systems ongoing attacks
Exploitation Wave
H score25
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
How related:
Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks.
About this happening:
Over 900 internet-exposed ATG systems across the United States are being targeted in ongoing attacks, creating risk of alert tampering, fuel or chemical leaks, and...
Automatic tank gauge (ATG) systems ongoing attacks
Exploitation WaveHow related: Over 900 automatic tank gauge (ATG) systems across the United States, used to monitor fuel and chemical storage tanks across various critical infrastructure sectors, have been found exposed online and are vulnerable to ongoing attacks.
About this happening: Over 900 internet-exposed ATG systems across the United States are being targeted in ongoing attacks, creating risk of alert tampering, fuel or chemical leaks, and...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector Action
H score43
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
How related:
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other U.S. government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed ATG systems against ongoing attacks.
About this happening:
On 2026-06-05, CISA, the FBI, the NSA, the Department of Energy, and other U.S. partners issued a joint advisory telling critical infrastructure organiza...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector ActionHow related: On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other U.S. government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed ATG systems against ongoing attacks.
About this happening: On 2026-06-05, CISA, the FBI, the NSA, the Department of Energy, and other U.S. partners issued a joint advisory telling critical infrastructure organiza...
Iranian hackers' ATG cyberattack campaign
Campaign
H score37
First: 18.05.2026 18:41
Last: 18.05.2026 18:41
Sources 1
How related:
CISA's warning comes after a May CNN report that Iranian hackers had breached ATG systems connected to the Internet at multiple gas stations across the United States.
About this happening:
Iranian threat groups launched a barrage of cyberattacks after the conflict began, broadening pressure on US gas-station fuel-monitoring systems and signaling continued ri...
Iranian hackers' ATG cyberattack campaign
CampaignHow related: CISA's warning comes after a May CNN report that Iranian hackers had breached ATG systems connected to the Internet at multiple gas stations across the United States.
About this happening: Iranian threat groups launched a barrage of cyberattacks after the conflict began, broadening pressure on US gas-station fuel-monitoring systems and signaling continued ri...
CISA and NCSC-UK China-nexus covert device networks advisory
Advisory/Mitigation
H score25
First: 23.04.2026 15:00
Last: 23.04.2026 15:00
Sources 1
About this happening:
CISA and NCSC-UK released a new advisory warning organizations about Chinese government-linked covert networks built from compromised devices. The guidance says we...
CISA and NCSC-UK China-nexus covert device networks advisory
Advisory/MitigationAbout this happening: CISA and NCSC-UK released a new advisory warning organizations about Chinese government-linked covert networks built from compromised devices. The guidance says we...
CISA KEV directive for CVE-2026-20133
Public Sector Action
H score36
First: 21.04.2026 15:30
Last: 21.04.2026 15:30
Sources 1
About this happening:
On Monday, April 21, 2026, CISA added CVE-2026-20133 to the KEV Catalog and ordered FCEB agencies to secure their networks by Friday, April 24. The directi...
CISA KEV directive for CVE-2026-20133
Public Sector ActionAbout this happening: On Monday, April 21, 2026, CISA added CVE-2026-20133 to the KEV Catalog and ordered FCEB agencies to secure their networks by Friday, April 24. The directi...
Timeline
-
02.06.2026 15:00 4 articles · 1mo ago
CISA publishes ATG system mitigation guidance
Mitigation Patch UpdateCISA and government partners published a joint fact sheet recommending that owners and operators of U.S.-based automatic tank gauge (ATG) systems use strong passwords, remove ATG systems from the internet, and audit and monitor logs to reduce the risk of compromise that could disrupt tank monitoring, create undetected leaks, and cause environmental or physical damage.
Show sources
- CISA Urges Stronger Security for Automatic Tank Gauge Systems — www.cisa.gov — 02.06.2026 15:00
- CISA Urges Stronger Security for Automatic Tank Gauge Systems — www.cisa.gov — 02.06.2026 15:00
- CISA warns of cyberattacks targeting fuel tank monitoring systems — www.bleepingcomputer.com — 03.06.2026 23:21
- Over 900 US gas station tank gauge systems exposed to attacks — www.bleepingcomputer.com — 05.06.2026 17:50