On June 2, CISA, the FBI, the NSA, the Department of Energy, the EPA, the TSA, the DOT and the USDA put out a joint advisory warning that threat actors are actively compromising internet-exposed automatic tank gauge (ATG) systems and altering their configuration through command execution. Three days later, Shadowserver added ATG scanning to its Accessible ICS feed and found 1,061 devices answering on the public internet, 909 of them in the United States.
If you run fuel or chemical storage (gas stations, fleet depots, the diesel reserve behind a data center, a chemical plant) and an ATG console is reachable from the internet, taking it offline is tonight’s work.
What an ATG is, and why it’s sitting on the internet
An ATG is the electronic brain on a storage tank. It tracks liquid level, temperature and pressure, automates inventory reconciliation, and, critically, runs environmental leak detection and regulatory compliance reporting. Veeder-Root’s TLS-350 and TLS-450 are the canonical examples. These were designed as serial devices, then bridged onto IP networks with cheap serial-to-Ethernet converters so head office could poll them remotely. That bridge classically lands on port 10001/tcp, and the protocol behind it assumes a trusted serial cable, not a hostile network. Shadowserver explicitly weeded out the honeypot noise on ports 8001 and 9001 before landing on its count, so the 1,061 figure is real consoles, not decoys.
The attack
The agencies say actors are reaching exposed ATGs and “modifying them through command execution.” The advisory enumerates the usual ways in for this class of gear: hardcoded credentials, authentication bypass, SQL injection, OS command execution, and privilege escalation. None of it is exotic. Many of these consoles ship with default or absent passwords, so the bar is often just knowing the IP and the port.
The U.S. government has not attributed the current activity to a specific actor. But it follows a May CNN report that Iranian hackers breached internet-connected ATGs at multiple U.S. gas stations, manipulating the display readings without changing actual fuel levels: access for its own sake, and a warning shot. It also rhymes with the April advisory tying Iranian state-backed operators to attacks on Rockwell/Allen-Bradley PLCs since March, after which Censys found 3,891 such industrial hosts exposed in the U.S. alone.
Why this is worse than it looks
This is not a data-breach story. An ATG’s job includes catching leaks and overfills before fuel hits groundwater. CISA’s concern is that an attacker who disables alerts or rewrites alarm thresholds can mask a developing leak or push a tank past safe limits, turning a network intrusion into an environmental and physical-safety incident, with the possibility of permanent damage to the tank system. The device that’s supposed to be your last line of defense becomes silent at exactly the wrong moment.
What to do right now
Pull ATG consoles off the public internet immediately and gate all remote access behind a firewall, VPN or ACL, the advisory’s first and loudest recommendation. Scan your own external ranges for port 10001/tcp (and anything else fronting a tank controller); if it answers from outside, treat it as already suspect. Replace default and hardcoded passwords with strong, unique credentials, and enable MFA wherever the platform allows it. Apply available firmware updates. Then audit alarm and leak-detection thresholds and review logs for unauthorized configuration changes, because the whole point of this campaign is to quietly turn the safety features off.
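One way to start the log review described above, as an added example that is not from the advisory or any vendor: it reads a firewall flow log and reports which sources outside an assumed management range reached, or tried to reach, port 10001/tcp. The log format, the addresses, the sample lines and the `audit_atg_access` name are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

ATG_PORTS = {10001}  # serial-to-Ethernet bridge port named in the article

# Constructed sample log: "time src_ip src_port dst_ip dst_port proto action"
SAMPLE_LOG = """\
2024-01-01T01:12:09Z 10.20.0.15 51544 192.0.2.40 10001 tcp ACCEPT
2024-01-01T01:14:30Z 203.0.113.77 40112 192.0.2.40 10001 tcp ACCEPT
2024-01-01T01:14:31Z 203.0.113.77 40113 192.0.2.41 10001 tcp DENY
2024-01-01T02:03:55Z 198.51.100.9 55001 192.0.2.40 10001 tcp ACCEPT
2024-01-01T02:10:00Z 198.51.100.9 55002 192.0.2.40 443 tcp ACCEPT
malformed line that should be skipped
"""

def audit_atg_access(log_text, mgmt_nets, atg_ports=ATG_PORTS):
    """Return (accepted, denied) for traffic to ATG ports from outside mgmt_nets.

    accepted: console IP -> sorted list of outside sources that were let through
    denied:   console IP -> count of blocked attempts from outside sources
    """
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    accepted, denied = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip lines that do not match the assumed format
        _, src, _, dst, dport, proto, action = fields
        try:
            src_ip, port = ipaddress.ip_address(src), int(dport)
        except ValueError:
            continue  # unparsable address or port
        if proto.lower() != "tcp" or port not in atg_ports:
            continue
        if any(src_ip in net for net in nets):
            continue  # expected polling from the management network
        if action.upper() == "ACCEPT":
            accepted[dst].add(src)  # exposure: an outside host reached the console
        else:
            denied[dst] += 1        # blocked, but shows the console is being probed
    return {d: sorted(s) for d, s in accepted.items()}, dict(denied)

if __name__ == "__main__":
    reached, blocked = audit_atg_access(SAMPLE_LOG, ["10.20.0.0/16"])
    for console, sources in reached.items():
        print(f"EXPOSED {console}:10001 reached by {', '.join(sources)}")
    for console, count in blocked.items():
        print(f"blocked {count} outside attempt(s) to {console}:10001")
```

Any console that appears in the accepted map should be treated as suspect and have its alarm thresholds and configuration checked against a known-good record.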
Advisory: CISA / FBI / NSA joint guidance (IC3 PDF) · CISA resource page · Shadowserver ICS dashboard