The Device Nobody Thinks About Is the One Getting Compromised
Automatic tank gauges don’t appear on most threat model diagrams. They sit underground, monitoring fuel levels at gas stations and chemical storage facilities, generating compliance reports and triggering leak alerts — quietly, automatically, without much human attention. That obscurity has become a liability. As of June 5, 2026, Shadowserver identified 1,061 IP addresses globally running ATG systems on port 10001/tcp. After filtering out what appear to be honeypots — flagged by their use of ports 8001 and 9001 — 909 of the remaining devices are located in the United States.
A joint advisory issued this week by CISA, the FBI, the NSA, and the Department of Energy confirms what those numbers suggest: threat actors are actively targeting these systems, and the attacks are not theoretical. The advisory describes observed incidents in which attackers accessed internet-exposed ATG systems and modified them through direct command execution — not reconnaissance, not probing, but successful compromise followed by configuration changes.
What ATG Systems Do, and Why That Matters
An ATG is an electronic monitoring unit installed at fuel or chemical storage sites. It tracks liquid levels in underground tanks, automates inventory accounting, flags potential leaks, and helps operators meet environmental compliance requirements. At a typical gas station, the ATG runs continuously in the background, watching for anomalies that would indicate a leak before fuel reaches groundwater.
The same technology appears in industrial environments monitoring chemical tanks, where a missed leak has consequences far beyond a compliance fine. These aren’t air-gapped industrial controllers in a secured facility — the 909 exposed US devices are reachable from the open internet, often on a single, well-known TCP port.
The vulnerabilities present in exposed ATG systems span a wide range of severity and type. The joint advisory from federal agencies identifies hardcoded credentials, authentication bypasses, SQL injection flaws, OS command execution weaknesses, and privilege escalation vulnerabilities as the primary attack vectors. Some of these flaws are years old. The hardcoded credential issue alone — factory passwords that were never changed and, in some cases, cannot be changed through normal configuration — reflects a systemic design problem that has persisted across generations of industrial control hardware.
CISA’s advisory is explicit about what a successful attacker can do after gaining access: they can disable system alerts. That capability is where this stops being an embarrassing IT problem and becomes a physical safety issue. A compromised ATG that no longer flags anomalies is a tank monitoring system that no longer monitors. Fuel leaks that would have triggered automated alerts could go undetected. Equipment failures that would have prompted shutdowns could continue unchecked. In a worst-case scenario, the advisory warns, attackers could cause permanent damage to the tank systems themselves.
Iranian Hackers Already Did This
The advisory lands in a context that’s less abstract than it might appear. A CNN report from May 2026 described Iranian hackers breaching ATG systems at multiple US gas stations — systems connected to the internet with weak or nonexistent passwords. Once inside, the attackers manipulated the display readings shown to operators. They did not, according to available information, alter actual fuel levels. No physical damage resulted from those specific incidents.
That outcome — display manipulation without physical consequence — is not a reason to treat those intrusions as minor. It demonstrates that the access was real, the control was real, and the decision not to escalate was the attackers’. The gap between changing what a screen shows and changing what a valve does is a matter of intent, not technical barrier.
The US government has not attributed the broader pattern of ATG attacks described in the joint advisory to any specific nation-state or threat group. The Iranian incidents were linked to known Iranian hacking groups based on their documented history of targeting fuel management systems and industrial control technologies — a pattern established long before these specific breaches.
One month earlier, in April 2026, a separate joint advisory connected Iranian state-backed hackers to attacks on Rockwell Automation and Allen-Bradley programmable logic controllers, active since March 2026. Those attacks caused financial losses and operational disruptions at affected facilities. Cybersecurity firm Censys found that 74.6% of exposed industrial control systems globally — 3,891 hosts out of the total identified — were located in the United States. That figure applies to PLC devices specifically, but it maps to the same broader pattern: US industrial infrastructure is disproportionately exposed on the open internet.
What the Advisory Actually Recommends
The federal agencies’ recommendations are direct and, in most cases, achievable without significant infrastructure investment.
The first and most immediate step is removing ATG systems from public internet access entirely. Where remote access is operationally necessary, it should run through a firewall, a VPN, or a tightly controlled access list — not directly on a public IP. Default and hardcoded passwords should be replaced with strong credentials wherever the device firmware allows it. Security updates should be applied. Systems should be monitored for unauthorized configuration changes. Multi-factor authentication should be implemented wherever supported.
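One way to act on the "monitor for unauthorized configuration changes" recommendation is to keep a keyed baseline of the alert-related settings and diff each periodic snapshot against it, escalating when an alarm is switched off. This is an added example, not code from the advisory or any ATG vendor; the flat setting-name-to-value snapshot format, the setting names, the addresses and the key are all constructed assumptions.

```python
"""Detect unauthorized ATG configuration changes against a keyed baseline.

Assumptions (not a vendor protocol): each poll of the ATG yields a flat dict
of setting name -> string value, and the operator keeps an HMAC over the
approved baseline so that tampering with the baseline file is also caught.
"""
import hashlib
import hmac
import json

# Constructed baseline of the settings an operator would lock down.
BASELINE = {
    "leak_alarm_enabled": "1",
    "high_level_alarm_enabled": "1",
    "alarm_relay_output": "on",
    "report_destination": "10.0.5.20",
    "remote_access_port": "10001",
}
# Changing any of these leaves the tank effectively unmonitored.
CRITICAL_KEYS = {"leak_alarm_enabled", "high_level_alarm_enabled", "alarm_relay_output"}

def sign_baseline(baseline, key):
    """Keyed digest over a canonical JSON form of the baseline."""
    canon = json.dumps(baseline, sort_keys=True).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()

def diff_snapshot(baseline, snapshot):
    """List (key, old, new, severity) for every deviation.
    A setting missing from the snapshot counts as changed (new value None)."""
    findings = []
    for key in sorted(set(baseline) | set(snapshot)):
        old, new = baseline.get(key), snapshot.get(key)
        if old == new:
            continue
        sev = "critical" if key in CRITICAL_KEYS else "warning"
        findings.append((key, old, new, sev))
    return findings

def check(baseline, signature, key, snapshot):
    """Refuse a tampered baseline, otherwise report deviations."""
    if not hmac.compare_digest(sign_baseline(baseline, key), signature):
        raise ValueError("baseline signature mismatch: refusing to compare")
    return diff_snapshot(baseline, snapshot)

# Constructed snapshot showing the pattern the advisory describes:
# the leak alarm disabled and alert reports redirected elsewhere.
TAMPERED = dict(BASELINE, leak_alarm_enabled="0", report_destination="203.0.113.9")

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    sig = sign_baseline(BASELINE, demo_key)
    for k, old, new, sev in check(BASELINE, sig, demo_key, TAMPERED):
        print(f"[{sev}] {k}: {old!r} -> {new!r}")
```

In production the snapshot would come from the device's own management interface over the firewalled or VPN path described above, and a "critical" finding should page someone rather than just log.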
None of these steps are novel. They appear in nearly every ICS security framework published in the last decade. The reason 909 US ATG systems remain exposed despite years of advisories about exactly this class of problem is that the organizations operating them — often small fuel retailers or independent gas station operators — lack dedicated security staff and have no regulatory requirement to audit their OT exposure. The ATG was installed, connected to a network for remote monitoring convenience, and never revisited.
The Monitoring Problem That Compounds the Exposure
There is a secondary issue that the Shadowserver scan makes visible. Shadowserver added ATG scanning to its Accessible ICS reporting specifically because this class of device had not previously been tracked at scale. The 1,061 devices identified represent what is detectable from the outside — systems running on a known port, responding to queries. Devices configured differently, sitting behind carrier-grade NAT, or using non-standard ports may not appear in that count.
The real number of exposed ATG systems is likely higher than what Shadowserver’s scan captured.
At the same time, the advisory’s timing reflects something worth noting: active exploitation was already observed before this warning was issued. CISA and its federal partners are describing attacks that happened, not attacks they are anticipating. The scan data, the Iranian breach reporting, and the advisory all point to the same window — these systems have been reachable and attackable for long enough that multiple incidents have already occurred.
What Sits at the End of This Exposure
A fuel leak at a gas station that goes undetected because the ATG alert was silenced by an attacker doesn’t produce an immediate dramatic event. It produces a slow leak into the surrounding soil, potentially into groundwater, over days or weeks before anyone notices manually. Environmental remediation for a fuel spill of that kind runs into the hundreds of thousands of dollars, and cleanup timelines stretch across years.
The cost of replacing a default ATG password is zero.