Multiple US government agencies have issued a warning about cyberattacks targeting internet-exposed automatic tank gauge (ATG) systems that monitor fuel and liquid storage tanks across critical infrastructure sectors such as Energy, Chemical, Food and Agriculture, and Transportation. Attackers gain access through vulnerabilities including authentication bypass, hardcoded credentials, operating system command execution flaws, SQL injection, and privilege escalation. Once compromised, attackers can modify network settings, product identifiers, tank volumes, pump controls, and disable alerts, which may hinder proper monitoring and increase the risk of leaks or equipment failures. While Iranian hackers have been linked to similar incidents involving ATG systems at gas stations, definitive attribution is not confirmed. The advisory urges organizations to block ATG systems from direct internet exposure, restrict remote access via firewalls or VPNs, replace default passwords, implement multifactor authentication, apply security updates, and monitor for unauthorized changes.

Successful exploitation allows attackers to alter critical monitoring parameters of fuel and liquid storage tanks, including network settings, tank volume readings, and pump controls. They can also disable alerts, potentially preventing operators from detecting leaks or equipment malfunctions. This manipulation increases the risk of undetected hazardous conditions and operational disruptions in critical infrastructure sectors. Although no physical damage has been reported, the compromise of safety-related functions poses significant operational and safety risks.

The US government advisory recommends immediately blocking ATG systems from direct internet exposure. Remote access should be restricted using firewalls, VPNs, or access control lists. Default and hardcoded passwords must be replaced with strong credentials, and multifactor authentication should be implemented where possible. Organizations should apply all relevant security updates and patches to ATG systems. Continuous monitoring for unauthorized changes is advised. Since no specific patch information is provided, organizations should consult vendor advisories for updates. These mitigations are critical to reduce the risk of compromise.