Automatic tank gauge (ATG) systems ongoing attacks
Exploitation Wave
Summary
Hide ▲
Show ▼
Over 900 internet-exposed ATG systems across the United States are being targeted in ongoing attacks, creating risk of alert tampering, fuel or chemical leaks, and equipment failure. The affected devices support monitoring across critical infrastructure sectors, including gas stations and industrial storage sites. Attackers are abusing hardcoded credentials, authentication bypasses, SQL injection, OS command execution, and privilege escalation flaws to modify system settings. Defenders are being told to restrict Internet access, replace default passwords, apply updates, and enforce VPNs or ACLs where possible.
Related Happenings
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector Action
First: 05.06.2026 17:50
Last: 05.06.2026 17:50
Sources 1
How related:
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other U.S. government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed ATG systems against ongoing attacks.
About this happening:
On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...
CISA-led joint advisory to secure internet-exposed ATG systems
Public Sector ActionHow related: On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other U.S. government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed ATG systems against ongoing attacks.
About this happening: On **2026-06-05**, **CISA**, the **FBI**, the **NSA**, the **Department of Energy**, and other U.S. partners issued a **joint advisory** telling **critical infrastructure organiza...
CISA automatic tank gauge system mitigations
Advisory/Mitigation
First: 02.06.2026 15:00
Last: 02.06.2026 15:00
Sources 1
How related:
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other U.S. government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed ATG systems against ongoing attacks.
About this happening:
**CISA**, **FBI**, **NSA**, and the **Department of Energy** warned that attackers are targeting **internet-exposed automatic tank gauge (ATG) systems** used to monitor fuel and l...
CISA automatic tank gauge system mitigations
Advisory/MitigationHow related: On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, the Department of Energy, and other U.S. government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed ATG systems against ongoing attacks.
About this happening: **CISA**, **FBI**, **NSA**, and the **Department of Energy** warned that attackers are targeting **internet-exposed automatic tank gauge (ATG) systems** used to monitor fuel and l...
Iranian hackers' ATG cyberattack campaign
Campaign
First: 18.05.2026 18:41
Last: 18.05.2026 18:41
Sources 1
How related:
CISA's warning comes after a May CNN report that Iranian hackers had breached ATG systems connected to the Internet at multiple gas stations across the United States.
About this happening:
Iranian threat groups launched a **barrage of cyberattacks** after the conflict began, broadening pressure on **US gas-station fuel-monitoring systems** and signaling continued ri...
Iranian hackers' ATG cyberattack campaign
CampaignHow related: CISA's warning comes after a May CNN report that Iranian hackers had breached ATG systems connected to the Internet at multiple gas stations across the United States.
About this happening: Iranian threat groups launched a **barrage of cyberattacks** after the conflict began, broadening pressure on **US gas-station fuel-monitoring systems** and signaling continued ri...
US government warning on Iran-affiliated critical infrastructure disruption risk
Public Sector Action
First: 18.05.2026 18:41
Last: 18.05.2026 18:41
Sources 1
About this happening:
The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...
US government warning on Iran-affiliated critical infrastructure disruption risk
Public Sector ActionAbout this happening: The **US government** warned that **Iran-affiliated threat actors** were disrupting **US critical infrastructure** through attacks on **Internet-exposed OT devices** across **mult...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector ActionAbout this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Timeline
-
05.06.2026 17:50 1 articles · 8h ago
CISA and federal partners warn on exposed ATG systems under attack
Initial DisclosureCISA, the FBI, the NSA, the Department of Energy, and other U.S. government partners issued a joint advisory warning critical infrastructure organizations to secure internet-exposed automatic tank gauge (ATG) systems against ongoing attacks. The advisory says threat actors are exploiting hardcoded credentials, authentication bypasses, SQL injection, OS command execution, and privilege escalation weaknesses to compromise devices, alter system settings, and disable alerts.
Show sources
- Over 900 US gas station tank gauge systems exposed to attacks — www.bleepingcomputer.com — 05.06.2026 17:50
-
05.06.2026 17:50 2 articles · 8h ago
Shadowserver sees 1,061 exposed ATG IPs on 2026-06-05
Detection Ioc UpdateShadowserver added Automatic Tank Gauge (ATG) systems to its Accessible ICS reporting and observed 1,061 IPs on 2026-06-05, with 909 devices in the United States after filtering out apparent honeypots. The observation underscores the scale of internet-exposed ATG systems being tracked for active compromise risk.
Show sources
- Over 900 US gas station tank gauge systems exposed to attacks — www.bleepingcomputer.com — 05.06.2026 17:50
- Over 900 US gas station tank gauge systems exposed to attacks — www.bleepingcomputer.com — 05.06.2026 17:50