CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 03, 2026

CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems

Cybersecurity News Archived Jun 03, 2026 ✓ Full text saved

A serious wave of cyberattacks is now targeting a piece of infrastructure that most people never think about. Automatic Tank Gauge systems, commonly known as ATG systems, are used across the United States to remotely monitor fuel levels, liquid volumes, temperatures, and potential leaks in storage tanks. These systems sit quietly in the background, keeping […] The post CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems appeared first on Cyber Security News

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems By Tushar Subhra Dutta June 3, 2026 A serious wave of cyberattacks is now targeting a piece of infrastructure that most people never think about. Automatic Tank Gauge systems, commonly known as ATG systems, are used across the United States to remotely monitor fuel levels, liquid volumes, temperatures, and potential leaks in storage tanks. These systems sit quietly in the background, keeping operations running at gas stations, farms, chemical plants, and transportation hubs. Now, threat actors are actively going after them. ATG systems are deployed across the Energy, Chemical, Food and Agriculture, and Transportation sectors. They are critical because they automate what would otherwise require constant manual oversight. But that same network connectivity that makes them useful has also made them a target. Attackers are exploiting the fact that many of these systems are left exposed to the open internet, often with weak or default passwords still in place. CISA, in a report shared with Cyber Security News (CSN), along with the FBI, NSA, DOE, EPA, TSA, DOT, and USDA, confirmed active malicious cyber activity targeting U.S.-based ATG systems. The agencies noted that threat actors are compromising internet-exposed devices and actively modifying them through direct command execution. The U.S. government has not yet attributed the activity to any specific nation-state or threat group. The attacks are not theoretical. Threat actors are gaining access, running commands, and in some cases taking full control of these systems as if they were standing right in front of the hardware. Once inside, they can change network settings, adjust tank volume readings, alter pump controls, and disable the alerts that operators rely on to catch dangerous problems early. The consequences could reach well beyond a network intrusion. A compromised ATG system can create what experts call a “denial of view” condition, where operators can no longer see accurate fill levels. Left unchecked, this could lead to physical damage to tank infrastructure, environmental hazards, or spills from relay failures. CISA and Partners Warns of Cyberattacks The attack methods described in the advisory are not exotic, but they are effective. Threat actors exploit authentication bypass flaws and hardcoded credentials to slip past device management interfaces without a valid login. Once they have a foothold, they use operating system command execution and SQL injection to run arbitrary code and manipulate the underlying databases that manage tank data. From there, privilege escalation gives attackers full administrator control over both the device software and the operating system. They can make devices report false readings, suppress safety alarms, or cause components to malfunction in ways that are hard to detect until real damage is done. The simplicity of these entry points is especially concerning given how widely ATG devices are deployed across critical industries. Steps to Protect ATG Systems Now CISA and its partner agencies have outlined clear steps that ATG owners and operators should take immediately. The most urgent action is removing these systems from direct internet exposure. The ATG serial port, which defaults to TCP ports 8001, 9001, or 10001, should never be publicly accessible. If remote access is truly needed, it must be protected behind a firewall, an access control list, or a VPN. Operators should change any default passwords right away and set strong, unique credentials for every interface, including the serial port. Where possible, phishing-resistant multifactor authentication should be enabled. Keeping software patched and working with certified service providers to apply the latest manufacturer updates is equally important. Organizations should enable detailed logging and regularly audit those logs for signs of unauthorized access, unusual alarm activity, or unexpected configuration changes. Any suspected incidents should be reported to CISA at report@cisa.gov or by calling 888-282-0870. The FBI also accepts complaints through the Internet Crime Complaint Center at www.ic3.gov. The threat to ATG systems is a reminder that industrial control devices are in the crosshairs of attackers. Leaving them exposed and unprotected is no longer an option. Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Tushar Subhra Dutta Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. With years of experience, he brings clarity and depth to complex security topics. Trending News Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones Hackers Using AI Tools to Automate Active Directory Attacks and EDR Evasion Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing Critical KMW CCTV Vulnerability Let Attackers Gain Unauthorized Access to Camera Feeds New Gogs 0-Day Vulnerability Lets Attackers Run Malicious Code on the Server Remotely Latest News Cyber Security News WordPress Plugin Vulnerability Exposes 500,000+ Websites to Privilege Escalation Attacks AI Hackers Using AI Tools to Automate Active Directory Attacks and EDR Evasion Apache Critical Apache ActiveMQ Vulnerability Allows Malicious Security Header Injections Cyber Security News Ivanti ITSM Vulnerability Lets Attackers Gain Admin Privilege Cyber Security News Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 03, 2026
    Archived
    Jun 03, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗