CISA, FBI, NSA warn hackers are modifying internet-exposed fuel tank gauge (ATG) systems - prior activity linked to Iran
CISA, the FBI, the NSA, the Department of Energy, and partners have warned that threat actors are targeting internet-exposed automatic tank gauge (ATG) systems used to monitor fuel and liquid storage across the Energy, Chemical, Food and Agriculture, and Transportation sectors. Attackers gain access via authentication-bypass flaws, hardcoded credentials, OS command-execution bugs, SQL injection, and privilege escalation, then modify network settings, product identifiers, tank volumes, and pump controls, and can disable alerts - raising the risk of leaks or equipment failure. The advisory does not formally attribute the activity, but it follows CNN reporting in May that linked Iranian hackers to similar ATG breaches. Agencies urge removing ATG systems from the internet.
- Check: Inventory automatic tank gauge (ATG) systems and confirm none are internet-exposed. Replace default passwords, enable MFA, and review device logs for unauthorized changes to settings, volumes, or pump controls.
- Affected: Internet-exposed ATG systems across Energy, Chemical, Food and Agriculture, and Transportation sectors. Access via auth-bypass, hardcoded credentials, command-execution, SQL injection, and privilege-escalation flaws. Prior activity linked to Iran.
- Fix: Remove ATG systems from the internet; restrict remote access via firewalls, VPNs, or ACLs. Replace default credentials, enforce MFA, apply updates, and monitor for unauthorized configuration changes.