Over 900 US Gas Station Fuel Systems Exposed to Cyberattacks

Critical Infrastructure Under Threat

More than 900 Automatic Tank Gauge (ATG) systems across the United States are currently exposed online, leaving them vulnerable to cyberattacks. These systems are crucial for monitoring fuel and chemical storage tanks in various critical infrastructure sectors. Their exposure poses significant risks, including potential leaks, equipment failures, and even permanent damage to tank systems.

Government Agencies Issue Urgent Warning

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Energy, alongside other U.S. government partners, issued a joint advisory. This warning urged critical infrastructure organizations to secure their internet-exposed ATG systems against ongoing attacks.

ATG systems are electronic monitoring devices that remotely track liquids in storage tanks. They automate inventory control, environmental leak detection, and regulatory compliance.

Attack Methods and Vulnerabilities

Federal agencies warned that threat actors are targeting these devices to alter system settings through command execution attacks. Attackers exploit various security flaws, including hardcoded credentials, authentication bypasses, SQL injection vulnerabilities, operating system (OS) command execution flaws, and privilege escalation weaknesses. Successful compromises could disable system alerts, increasing the risk of leaks or equipment failures.

Shadowserver Confirms Widespread Exposure

Internet security watchdog Shadowserver reported today that over 1,000 ATG systems were exposed online globally. The vast majority, 909 devices, are located within the United States. Shadowserver added scanning of ATG systems to its Accessible ICS reporting, detecting 1061 IP addresses on June 5, 2026, on port 10001/tcp.

• Restrict remote access to ATG systems immediately.
• Implement controlled access using firewalls, Virtual Private Networks (VPNs), or Access Control Lists (ACLs).
• Replace default passwords with strong, unique credentials.
• Apply all available security updates promptly.
• Monitor systems for any unauthorized changes.
• Implement Multi-Factor Authentication (MFA) where possible.

Previous Incidents Highlight Risks

CISA's warning follows a May CNN report detailing breaches by Iranian hackers. They reportedly accessed internet-connected ATG systems at multiple US gas stations. These attackers manipulated display readings but did not alter actual fuel levels. While no physical damage occurred, these incidents raise concerns about hindering automated fuel leak detection and other safety functions.

In April, another joint advisory linked Iranian state-backed hackers to attacks. These targeted Rockwell Automation/Allen-Bradley Programmable Logic Controller (PLC) devices since March 2026. Cybersecurity firm Censys reported that 74.6% (3,891 hosts) of such industrial control systems exposed online globally were from the United States.

Key Points

• Over 900 US Automatic Tank Gauge (ATG) systems are exposed online to cyberattacks.
• US government agencies issued a joint advisory warning about ongoing attacks.
• Shadowserver identified 909 exposed ATG devices in the United States.
• Attackers exploit vulnerabilities to alter system settings and disable alerts.
• Iranian hackers reportedly breached US gas station ATG systems in May.

The Bottom Line

The widespread exposure of ATG systems presents a serious cybersecurity threat to critical infrastructure. Organizations must act immediately to secure these devices by restricting internet access and implementing robust security measures. Failing to do so could lead to significant operational disruptions, environmental hazards, and financial losses.