en.Wedoany.com Reported - The Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and other federal agencies, recently issued a joint warning stating that hackers have targeted Automatic Tank Gauging (ATG) systems in threat activities across multiple industry sectors.

According to the guidance released by the agencies, ATG systems are used to measure temperature, detect fuel or other liquid levels, and identify leaks. Hackers have compromised devices exposed to the internet and exploited command execution functions to disable alarms or otherwise conceal their monitoring activities. Authorities listed various access vectors exploiting ATG system vulnerabilities, including: authentication bypass and hardcoded credentials enabling hackers to gain access to device management interfaces; operating system command execution and Structured Query Language (SQL) injection allowing hackers to execute arbitrary code and manipulate underlying databases; and privilege escalation enabling hackers to obtain full administrative access to the operating system and device applications. Federal authorities urged operators to secure these systems by disconnecting them from the internet, changing default passwords, and applying security patches.

Federal authorities have not attributed these attacks to any specific organization, but CNN previously reported on investigations into ATG system hacks serving gas stations across multiple U.S. states. The threat activity is suspected to be linked to Iran-associated hackers, though federal officials have not publicly confirmed this connection.

Operational Technology (OT) security experts noted limitations in hackers' ability to manipulate these devices. Markus Mueller, Field Chief Information Security Officer at Nozomi Networks, stated that malicious actors could control ATG systems and disrupt their functions (including leak detection), but could not cause leaks through ATG systems. Similarly, malicious actors could disrupt the ability to fill tanks or use them to fuel vehicles. According to the Food and Agriculture Information Sharing and Analysis Center (Ag-ISAC), these devices are widely used beyond gas stations, including for monitoring food in agricultural equipment and bulk chemical storage. Jonathan Braley, Director of Threat Intelligence at Ag-ISAC, stated that compromised ATG systems could disrupt harvesting operations, trigger false safety alarms, or interfere with food-grade storage, thereby having downstream impacts on food supply continuity.

CISA and the FBI previously issued warnings about threat activities targeting U.S. water and energy utilities, linked to Iran-related conflicts. The threat advisory, released in April, noted that these attacks have caused operational and financial impacts. Iran-associated hacker groups have a history of targeting vulnerable U.S. water utilities and other industrial systems, dating back to the 2023 Gaza war. Agencies involved in compiling this guidance include the Environmental Protection Agency (EPA), the Department of Energy (DOE), the National Security Agency (NSA), the Department of Transportation (DOT), the Transportation Security Administration (TSA), and the Department of Agriculture (USDA).

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com