CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 04, 2026

CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids - Cybersecurity Dive

Cybersecurity Dive Archived Jun 04, 2026 ✓ Full text saved

CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids Cybersecurity Dive

Full text archived locally
✦ AI Summary · Claude Sonnet


    CISA, FBI warn that hackers are targeting systems used to monitor industrial fluids Automatic tank gauge systems are widely used across multiple industries, including energy, agriculture and transportation. Published June 3, 2026 David Jones Reporter Share License Add us on Google A gas pump is seen situated while pumping gas at a Shell gas station on April 1, 2022, in Houston, Texas. The FBI and CISA in June 2026 warned that hackers are targeting devices used to monitor fuel and other industrial liquids. Brandon Bell via Getty Images The Cybersecurity and Infrastructure Security Agency, FBI and other federal authorities warned Tuesday that hackers have targeted automatic tank gauge systems in threat activity across multiple industry sectors. Tank gauge, or ATG, systems are used to measure temperature, check fuel or other liquid levels and detect leaks, according to guidance released by the agencies. Hackers have targeted internet-exposed devices and used command execution to disable alerts or otherwise obscure the monitoring of these devices.  Authorities referenced multiple access vectors used to exploit flaws in tank gauge systems:  Authentication bypass and hardcoded credentials allows hackers to gain access to device management interfaces. Operating system command execution and structured query language injection lets hackers execute arbitrary code and manipulate underlying databases.  Privilege escalation allows hackers to gain full administrator privileges over the operating system and the device application. Federal authorities are urging operators to secure these systems, by disconnecting them from the internet, changing default passwords and applying security patches.  Iran connection possible Federal authorities have not attributed the attacks to any specific group, but CNN previously reported an investigation into the hack of ATG systems that serve gas stations in multiple U.S. states. The threat activity is suspected to be connected to Iran-linked hackers, but federal officials are not publicly making that link.  OT security experts cautioned there are limits to how a hacker might manipulate these devices.  “A malicious actor could take control of an ATG and disrupt its functions, including leak detection, but they cannot cause a leak with an ATG,” said Markus Mueller, field CISO at Nozomi Networks. “Similarly, a malicious actor could disrupt the ability to fill or use a tank to fill a vehicle.” Besides use at gas stations, these devices are also widely used to monitor food for farm equipment and storage for bulk chemicals, according to the Food and Agriculture Information Sharing and Analysis Center.  “A compromised ATG can disrupt harvest operations, trigger false safety alerts, or interfere with food-grade storage, with downstream impacts on food and supply continuity,” Jonathan Braley, director of threat intelligence at Ag-ISAC, told Cybersecurity Dive. CISA and the FBI previously warned about threat activity targeting U.S. water and energy utilities in connection with the Iran war. The threat advisory, issued in April, noted the attacks have led to operational and financial impacts.  Iran-linked threat groups have a history of targeting vulnerable water utilities and other industrial systems in the U.S., dating back to the Gaza war in 2023.  Keep up with the story. Subscribe to the Cybersecurity Dive free daily newsletter Email: Sign up The authoring agencies include the Environmental Protection Agency, Department of Energy, National Security Agency, Department of Transportation, Transportation Security Administration and Department of Agriculture.  Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Threats, Policy & Regulation
    💬 Team Notes
    Article Info
    Source
    Cybersecurity Dive
    Category
    ◇ Industry News & Leadership
    Published
    Jun 04, 2026
    Archived
    Jun 04, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗