CISA and Partners Warn Hackers Are Targeting Fuel-Tank Monitoring Systems
CISA, the FBI, NSA, Department of Energy and other US agencies warn that hackers are targeting internet-exposed automatic tank gauge (ATG) systems that monitor fuel storage, modifying device settings via command execution. The fix: get them off the public internet.
Key Takeaways
This is a critical-infrastructure operational-technology advisory with a physical-consequence dimension: exposed fuel-monitoring systems can leak operational data or be manipulated in ways that touch the handling of fuel, and the fix is to take them off the open internet.
WASHINGTON, D.C. — On June 2, 2026, CISA and a group of US government partners — including the FBI, the NSA, the Department of Energy, and additional agencies — issued a joint advisory warning that threat actors are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid-storage tanks across critical-infrastructure sectors. Per BleepingComputer and the advisory itself, titled 'CISA and Partners Urge Hardening Automatic Tank Gauge Systems,' the recent malicious activity involves compromising internet-exposed ATG systems and then modifying them through command execution. The agencies have not attributed the activity to any specific nation-state or threat group.
ATG systems sit at the operational-technology edge: they are frequently internet-reachable, rarely hardened, and tied directly to physical fuel handling — automated and remote monitoring of tank parameters such as fuel and liquid levels, temperature, and leak detection. That combination of broad exposure and physical proximity is what makes the advisory more than a routine bulletin.
Advisory Overview

| Field | Details |
|---|---|
| Issued | June 2, 2026 — joint advisory, 'CISA and Partners Urge Hardening Automatic Tank Gauge Systems' |
| Issuers | CISA, FBI, NSA, Department of Energy, and additional US government partners |
| Target | Internet-exposed automatic tank gauge (ATG) systems monitoring fuel and liquid storage |
| Monitored Parameters | Fuel and liquid levels, temperature, and leak detection |
| Sectors | Energy, Chemical, Food and Agriculture, and Transportation Systems |
| Observed Activity | Compromising internet-exposed ATG systems and modifying them through command execution |
| Named Vectors | Authentication bypass and hardcoded credentials; OS command execution and SQL injection; privilege escalation |
| Attribution | Not attributed by the US government to any specific nation-state or threat group |
What Happened
Per the advisory, the agencies are aware of malicious cyber activity targeting US-based ATG systems, which are widely deployed across the Energy, Chemical, Food and Agriculture, and Transportation Systems sectors for automated and remote monitoring of storage-tank parameters. The recent activity involves threat actors compromising internet-exposed devices and subsequently modifying their settings through command execution. The advisory describes multiple ways ATG systems can be attacked: authentication bypass and hardcoded credentials that grant unauthorized access to device management interfaces; OS command execution and SQL injection that let an attacker run code and manipulate underlying databases; and privilege escalation that yields full administrator control of the device.
The agencies' recommended mitigations are straightforward operational-technology hygiene: block ATG systems from the internet, restrict remote access through firewalls, VPNs or access-control lists, replace default passwords, use strong credentials and multifactor authentication, apply security updates, and actively monitor systems for unauthorized changes. The advisory follows reporting earlier in the spring — CNN reported in May that Iranian hackers were behind a series of breaches involving ATG systems at gas stations in multiple states — but the joint advisory itself does not attribute the activity to any specific actor, and The CyberSignal treats the Iran connection as unconfirmed reporting rather than a government finding.
The Mechanism: Edge OT That Was Never Meant to Face the Internet
Automatic tank gauges are sensor-and-controller units that sit on or near storage tanks and report their state — levels, temperature, leak status — often back to a central monitoring system or directly to an operator. Many were designed and deployed in an era when 'remote access' meant a dial-up line, not exposure to the open internet, and they frequently ship with weak or hardcoded credentials and management protocols that were never hardened for public reachability. The advisory's named vectors — authentication bypass, hardcoded credentials, OS command execution, SQL injection, privilege escalation — are the predictable result of internet-exposing devices built on those assumptions. This is the same exposure dynamic The CyberSignal has tracked across the broader critical-infrastructure tooling landscape, including the CVSS 10.0 flaw in Cisco Secure Workload; the difference here is that the device sits at the physical edge of fuel handling.
Why the Physical-Consequence Angle Matters
The reason an advisory about fuel-tank gauges merits a standalone brief is the physical dimension. Most cybersecurity incidents end in data loss or service disruption; an attack that can modify the settings of a device monitoring physical fuel storage carries a different class of risk. Exposed ATG systems can leak operational data, and — in the worst case the advisory implies through its emphasis on command execution and setting modification — be manipulated in ways that affect the handling of fuel. The CyberSignal is careful here: the advisory describes observed compromise and setting modification, not a confirmed physical-safety incident, and we will not overstate the consequence. But the energy-sector OT targeting trend is real, as documented in the ESET APT report detailing Sandworm's DynoWiper hitting Polish energy, and ATG systems are a soft, often-forgotten part of that surface.
The 'OT You Forgot Is Online' Problem
The defining failure mode the advisory addresses is not a clever exploit but simple exposure: devices that should never have been reachable from the internet are reachable from the internet. Shodan-style scanning routinely turns up ATG units and similar OT with management interfaces facing the public network, often at sites — gas stations, fuel depots, agricultural and food-processing facilities — where there is no on-site security staff and the device was installed and forgotten. That is why the agencies' primary mitigation is not a patch but a network-architecture change: get the device off the internet. The lesson generalizes to the whole category of edge OT, and it pairs with the broader vulnerability-management discipline of knowing what you have and where it is reachable from — an inventory problem as much as a patching one.
Scope and Impact
The exposed population spans every sector that stores fuel or bulk liquids and uses automated monitoring: fuel retailers and gas stations, energy and petrochemical facilities, chemical plants, food and agriculture operations, and transportation and logistics sites. The advisory's framing — internet-exposed ATG systems across the Energy, Chemical, Food and Agriculture, and Transportation Systems sectors — describes a large and geographically dispersed footprint, much of it operated by organizations without dedicated security teams. The precondition for the observed activity is internet exposure, which means the at-risk set is precisely the population of ATG units whose management interfaces are reachable from the public network, a number that internet-scanning tends to put in the thousands for this device class.
The structural risk is the combination of weak device security and physical-process proximity. ATG systems frequently rely on default or hardcoded credentials and unhardened protocols, so an internet-reachable unit is often trivially accessible; once an attacker has access and can execute commands, they can read operational data and alter device settings. Because these devices monitor physical storage, the worst-case impact crosses from the digital into the physical realm — even if, in most observed cases, the immediate effect is unauthorized access and configuration change rather than a safety event. Outsourced and third-party-managed fuel sites compound the risk, because the organization that owns the consequence may not be the one that controls the device.
Specifics to confirm against the primary advisory include the exact advisory identifier and URL, the specific ATG products and protocols named, the complete list of issuing agencies, and any indicators of compromise or detailed mitigation steps the agencies enumerated. The Iranian-actor connection reported by CNN in May should be treated as media reporting that the joint advisory does not endorse; the US government has explicitly not attributed this activity, and The CyberSignal will not present the Iran link as a confirmed finding.
Response and Attribution
For critical-infrastructure and operational-technology operators, the first and highest-leverage action is to find and remove ATG systems from direct internet exposure. Place them behind a firewall or VPN with strong authentication, never expose management protocols publicly, and segment OT from IT networks so that only explicitly authorized systems can reach tank-monitoring devices. Apply vendor firmware updates and change default credentials on ATG units and related controllers, enable multifactor authentication where the device supports it, and monitor for anomalous connections and unauthorized configuration changes, ingesting the advisory's indicators once they are published. These steps map directly onto the agencies' own recommended mitigations.
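The monitoring half of those mitigations (restrict remote access to an authorized network, then watch for anomalous connections and unauthorized configuration changes) can be expressed as a small triage routine. The following is an added example written for this brief; it is not code from the advisory, from any ATG vendor, or from The CyberSignal. The log format, the `atg-site17`/`atg-site42` device names, the `10.20.0.0/24` jump-host subnet, the `ot-admin` account and the configuration keys are all constructed assumptions, since the advisory as summarized here names no specific products or protocols. The script flags sessions from outside the authorized network (an accepted session is high severity; even a rejected attempt from a public address is evidence the interface is reachable where the ACL or VPN design says it should not be), flags setting changes made by accounts that are not authorized operators, and includes a baseline-diff helper for devices that do not log their own configuration changes.

```python
"""Constructed example: triage ATG management-interface logs for the two
things the advisory says to watch for, namely connections from networks that
should not reach the device and configuration changes not made by an
authorized operator. Log format, device names, addresses and keys are
invented for this example (assumptions, not the advisory's own data)."""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: only the OT jump-host subnet may open management sessions.
AUTHORIZED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: named operator accounts allowed to change settings.
AUTHORIZED_OPERATORS = {"ot-admin"}
# Constructed set of settings whose change warrants review even when authorized.
SAFETY_KEYS = {"leak.detect", "alarm.high_level"}

CONN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) conn src=(?P<src>\S+) result=(?P<result>\w+)$")
CFG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) cfg key=(?P<key>\S+) old=(?P<old>\S+) "
    r"new=(?P<new>\S+) user=(?P<user>\S+)$")


@dataclass(frozen=True)
class Alert:
    ts: str
    device: str
    severity: str
    reason: str
    detail: str


def source_authorized(src: str) -> bool:
    """True when the source address falls inside an authorized network."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparsable source is never trusted
    return any(ip in net for net in AUTHORIZED_SOURCES)


def analyze(lines):
    """Return alerts for unauthorized sessions and configuration changes."""
    alerts = []
    for line in lines:
        m = CONN_RE.match(line)
        if m:
            if source_authorized(m["src"]):
                continue
            if m["result"] == "accepted":
                alerts.append(Alert(m["ts"], m["device"], "high",
                                    "unauthorized_admin_session",
                                    f"session accepted from {m['src']}"))
            else:
                # A rejected attempt still shows the interface is reachable
                # from a network the ACL/VPN design should have blocked.
                alerts.append(Alert(m["ts"], m["device"], "medium",
                                    "reachable_from_unauthorized_network",
                                    f"attempt from {m['src']} ({m['result']})"))
            continue
        m = CFG_RE.match(line)
        if m and m["old"] != m["new"]:
            detail = f"{m['key']}: {m['old']} -> {m['new']} by {m['user']}"
            if m["user"] not in AUTHORIZED_OPERATORS:
                alerts.append(Alert(m["ts"], m["device"], "high",
                                    "unauthorized_config_change", detail))
            elif m["key"] in SAFETY_KEYS:
                alerts.append(Alert(m["ts"], m["device"], "medium",
                                    "safety_setting_changed", detail))
    return alerts


def diff_config(baseline: dict, current: dict) -> dict:
    """Key-level drift between a known-good snapshot and a fresh pull, for
    devices that do not log their own configuration changes."""
    keys = set(baseline) | set(current)
    return {k: (baseline.get(k), current.get(k))
            for k in sorted(keys) if baseline.get(k) != current.get(k)}


# Constructed sample log; addresses are documentation ranges, not real sites.
SAMPLE_LOG = """\
2026-06-02T08:00:01Z atg-site17 conn src=10.20.0.5 result=accepted
2026-06-02T08:00:09Z atg-site17 cfg key=report.interval old=60 new=60 user=ot-admin
2026-06-02T09:14:33Z atg-site17 conn src=198.51.100.23 result=accepted
2026-06-02T09:15:02Z atg-site17 cfg key=alarm.high_level old=90 new=99 user=admin
2026-06-02T09:15:10Z atg-site17 cfg key=leak.detect old=on new=off user=admin
2026-06-02T10:30:00Z atg-site42 conn src=203.0.113.7 result=rejected
"""

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG.splitlines()):
        print(f"[{a.severity}] {a.ts} {a.device} {a.reason}: {a.detail}")
```

Run against the constructed sample, the accepted session from `198.51.100.23` and the two setting changes by the unknown `admin` account produce high-severity alerts, and the rejected attempt against `atg-site42` produces a medium one because the device answered at all. Feeding the real device's export format into the two regular expressions is the only adaptation needed; the allowlist and operator set come from the site's own access-control design.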
For sector regulators and fleet operators in fuel, energy and logistics, the action extends to third-party oversight. Audit third-party-managed fuel sites for exposed monitoring systems, because outsourced OT is still the contracting organization's risk — and the entity that suffers the consequence of a manipulated fuel-monitoring system is rarely the one that installed or maintains it. Building exposure checks into vendor and site-management contracts, and requiring evidence that ATG and similar devices are not internet-reachable, turns a one-time advisory response into a durable control.
On attribution, the honest position is that there is none from the US government: the joint advisory does not name a nation-state or threat group, and while CNN reported in May that Iranian hackers were behind ATG breaches at US gas stations, that is media reporting the advisory does not confirm. The CyberSignal notes the Iran reporting as context — and has separately covered Iran-nexus activity such as the LA Metro persona attribution work — but does not treat the ATG campaign as attributed. The defender value of this advisory does not depend on who is behind it; the mitigation is the same regardless of the actor.
The CyberSignal Analysis
Signal 01 — Exposure, Not Exploitation, Is the Root Cause
The striking thing about this advisory is that its primary fix is not a patch but a network-architecture decision: get the device off the internet. That reframes the problem from 'this device has a vulnerability' to 'this device should never have been reachable.' For edge OT, exposure is the root cause, and segmentation is the control that addresses an entire class of flaws — authentication bypass, hardcoded credentials, command execution — at once. Organizations that treat reachability as the thing to eliminate, rather than chasing each device-specific bug, get more durable risk reduction for less effort.
Signal 02 — The Physical Edge Raises the Stakes
ATG systems matter more than their humble function suggests because they sit at the boundary between the digital and the physical. A compromised monitoring device is not just a data-loss problem; it touches the handling of fuel and bulk liquids. The CyberSignal is deliberate in not overstating this — the advisory describes access and setting modification, not a confirmed safety incident — but the category of risk is qualitatively different from an IT breach. That difference is the argument for treating even mundane OT monitoring devices as critical assets deserving segmentation, monitoring and patching, rather than as install-and-forget hardware.
Signal 03 — Forgotten OT Is an Inventory Problem
The devices at issue are precisely the ones organizations forget they have: a tank gauge installed years ago at a remote site, with a management interface quietly facing the internet. You cannot protect what you do not know is exposed, which makes this as much an asset-inventory problem as a configuration one. The practical move is to inventory edge OT, determine what is reachable from the public network, and bring those devices into the same vulnerability-management and monitoring program that covers the rest of the estate. The advisory is a prompt to go looking for the OT you forgot is online — before someone else finds it first.
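The inventory step described above, together with the third-party audit point from the Response section, can be turned into a ranking exercise: given an asset register of edge OT, decide which tank gauges to look at first. The block below is an added example for this brief, not code from the advisory, a vendor, or The CyberSignal. The CSV columns, site names, addresses, the 90-day verification window and the "RFC1918 address means not directly routable" heuristic are all assumptions; a real register would be exported from the operator's own asset-management system, and a private address only lowers priority, it does not prove the device is unreachable through some forwarding rule. The ranking puts public-addressed devices with direct management access first, public-addressed devices behind a VPN or ACL second (confirm the management ports are actually closed), and third-party-managed sites with no recent exposure evidence third, which is the audit the Response section asks regulators and fleet operators to run.

```python
"""Constructed example: rank an edge-OT inventory by how likely each tank
gauge is to be reachable from the public network, so the 'OT you forgot is
online' is examined first. CSV layout, sites, addresses and thresholds are
invented for this example (assumptions, not the advisory's own data)."""
import csv
import io
import ipaddress
from datetime import date

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_VERIFY_AGE_DAYS = 90  # assumption: exposure evidence older than this is stale


def is_rfc1918(addr: str) -> bool:
    """Heuristic: a private address is not directly routable from the internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def triage(row: dict, today: date):
    """Return (priority, reason) for one inventory row; 1 is most urgent."""
    public_addr = not is_rfc1918(row["mgmt_ip"])
    gated = row["access_path"] in {"vpn", "firewall-acl"}
    third_party = row["managed_by"] == "third-party"
    verified = row["last_verified"]
    stale = (not verified) or \
        (today - date.fromisoformat(verified)).days > MAX_VERIFY_AGE_DAYS
    if public_addr and not gated:
        return 1, "public address with direct management access: remove from internet"
    if public_addr and gated:
        return 2, "public address behind VPN/ACL: confirm management ports are closed"
    if third_party and stale:
        return 3, "third-party-managed site without recent exposure evidence: request attestation"
    if stale:
        return 4, "internal site, exposure check overdue"
    return 5, "private address, gated, recently verified"


def rank_inventory(csv_text: str, today: date):
    """Parse the register and return rows as (priority, site, mgmt_ip, reason),
    most urgent first; ties are broken by site name for a stable report."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    scored = [(*triage(r, today), r) for r in rows]
    scored.sort(key=lambda t: (t[0], t[2]["site"]))
    return [(p, r["site"], r["mgmt_ip"], why) for p, why, r in scored]


# Constructed asset register; addresses are documentation ranges, not real sites.
SAMPLE_INVENTORY = """\
site,device,mgmt_ip,access_path,managed_by,last_verified
depot-north,atg-01,198.51.100.40,direct,third-party,
station-114,atg-01,10.44.3.12,vpn,internal,2026-05-20
station-207,atg-02,203.0.113.88,firewall-acl,internal,2026-04-01
agri-coop-9,atg-01,10.61.0.9,firewall-acl,third-party,2025-11-30
refinery-west,atg-05,10.7.7.7,vpn,internal,
"""

if __name__ == "__main__":
    for priority, site, ip, why in rank_inventory(SAMPLE_INVENTORY, date(2026, 6, 2)):
        print(f"P{priority} {site:14} {ip:15} {why}")
```

The output is a worklist rather than a verdict: a P1 entry is a device to take off the internet now, a P2 entry is a device whose gating needs to be verified from outside, and a P3 entry is a contract conversation with whoever manages the site. Tying the `last_verified` column to evidence an operator actually produces (a firewall rule export, an external reachability check) is what turns the advisory's one-time response into the durable control the Response section describes.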