CISA warns of cyberattacks targeting fuel tank monitoring systems

US government agencies (CISA, FBI, NSA, DOE and partners) warn that threat actors are targeting internet-exposed Automatic Tank Gauge (ATG) systems used in energy, chemical, food/agriculture, and transportation sectors. Attackers have exploited weak or hardcoded credentials, authentication bypasses, OS command execution flaws, SQL injection, and privilege escalation to modify network settings, product identifiers, tank volumes, pump controls, and alerts—potentially preventing accurate monitoring and increasing safety risks. Agencies recommend removing ATG systems from direct internet exposure, enforcing strong authentication and MFA, patching systems, and actively monitoring for unauthorized changes.