U.S. Government Warns of Widespread Attacks on Exposed Fuel and Chemical Tank Monitoring Systems
Over 900 automatic tank gauge (ATG) systems critical devices used to monitor fuel and chemical storage tanks in the U.S. have been found exposed online and are under active attack. ATGs automate inventory control, leak detection, and regulatory compliance across gas stations, industrial facilities, and other critical infrastructure sectors.
On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, NSA, Department of Energy, and other federal agencies issued a joint advisory urging organizations to secure these internet-facing systems. Threat actors are exploiting vulnerabilities including hardcoded credentials, authentication bypasses, SQL injection, and command execution flaws to alter system settings, disable alerts, and risk leaks or equipment damage.
While the U.S. government has not attributed the attacks to a specific group, the advisory follows a May report by CNN linking Iranian hackers to breaches of ATG systems at multiple U.S. gas stations. In those incidents, attackers manipulated display readings without altering actual fuel levels, raising concerns about potential disruptions to safety functions like leak detection.
Security firm Shadowserver reported over 1,000 exposed ATG systems globally, with 909 located in the U.S. as of June 5. The agencies recommend restricting remote access, replacing default passwords, applying security updates, and implementing multi-factor authentication to mitigate risks.
The warning comes amid broader concerns over industrial control system (ICS) security, including a separate April advisory linking Iranian state-backed hackers to attacks on Rockwell Automation PLCs since March 2026, which caused financial and operational disruptions. Censys data revealed that 74.6% of exposed ICS hosts globally are in the U.S.
U.S. Oil & Refining Co. cybersecurity rating report: https://www.rankiteo.com/company/u.s.-oil-&-refining-co.
Cybersecurity from Rockwell Automation cybersecurity rating report: https://www.rankiteo.com/company/cybersecurity-from-rockwell-automation
"id": "U.SCYB1780676705",
"linkid": "u.s.-oil-&-refining-co., cybersecurity-from-rockwell-automation",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': ['Energy', 'Chemical'],
'location': 'U.S.',
'type': ['Gas stations',
'Industrial facilities',
'Critical infrastructure sectors']}],
'attack_vector': ['Exposed internet-facing systems',
'Exploitation of vulnerabilities'],
'date_publicly_disclosed': '2023-10-03',
'description': 'Over 900 automatic tank gauge (ATG) systems critical devices '
'used to monitor fuel and chemical storage tanks in the U.S. '
'have been found exposed online and are under active attack. '
'Threat actors are exploiting vulnerabilities including '
'hardcoded credentials, authentication bypasses, SQL '
'injection, and command execution flaws to alter system '
'settings, disable alerts, and risk leaks or equipment damage.',
'impact': {'operational_impact': ['Altered system settings',
'Disabled alerts',
'Risk of leaks or equipment damage'],
'systems_affected': 'Over 900 ATG systems in the U.S.'},
'investigation_status': 'Ongoing',
'motivation': ['Disruption', 'Potential safety risks', 'Data manipulation'],
'post_incident_analysis': {'root_causes': ['Exposed internet-facing ATG '
'systems',
'Unpatched vulnerabilities',
'Weak authentication mechanisms']},
'recommendations': ['Restrict remote access to ATG systems',
'Replace default passwords',
'Apply security updates',
'Implement multi-factor authentication'],
'references': [{'source': 'CISA Joint Advisory'},
{'source': 'CNN Report (May)'},
{'source': 'Shadowserver Report'},
{'source': 'Censys Data'}],
'regulatory_compliance': {'regulatory_notifications': ['Joint advisory issued '
'by CISA, FBI, NSA, '
'Department of Energy, '
'and other federal '
'agencies']},
'response': {'containment_measures': ['Restricting remote access',
'Replacing default passwords',
'Applying security updates',
'Implementing multi-factor '
'authentication']},
'stakeholder_advisories': 'Joint advisory issued by U.S. federal agencies',
'threat_actor': 'Iranian state-backed hackers (suspected)',
'title': 'U.S. Government Warns of Widespread Attacks on Exposed Fuel and '
'Chemical Tank Monitoring Systems',
'type': ['Cyber Attack', 'Industrial Control System (ICS) Compromise'],
'vulnerability_exploited': ['Hardcoded credentials',
'Authentication bypasses',
'SQL injection',
'Command execution flaws']}