A coordinated campaign is targeting Automatic Tank Gauge (ATG) systems across the U.S. energy sector, exploiting vulnerabilities in Modbus and proprietary serial-to-IP communication protocols. Attackers are leveraging insecure remote access gateways, such as cellular modems and VPNs, and exploiting hardcoded credentials or unauthenticated interfaces to gain unauthorized access. By injecting commands or spoofing telemetry data, actors can manipulate liquid level and pressure readings, potentially masking containment leaks or triggering false-positive emergency shutdowns. The lack of network segmentation between corporate IT environments and OT tank consoles facilitates lateral movement, creating significant risks of environmental contamination and fuel supply chain instability.
Campaign Overview: OT Targeting
- Coordinated wave of cyberattacks specifically targeting fuel and liquid monitoring Operational Technology (OT).
- High-priority focus on critical infrastructure within the U.S. petroleum and energy sectors.
- Exploitation of the systemic security gap where ATG systems are overlooked by traditional IT security frameworks.
Technical Attack Vectors: Entry and Access
- Vulnerabilities in Modbus and proprietary serial-to-IP conversion protocols used for tank communication.
- Compromise of remote monitoring gateways via insecure cellular modems and inadequately configured VPNs.
- Use of hardcoded credentials and unauthenticated command interfaces embedded in tank gauge hardware.
- Lateral movement enabled by a lack of strict network segmentation between corporate IT and OT tank console environments.
Exploitation Mechanics: Telemetry Manipulation
- Telemetry spoofing used to manipulate reported liquid volumes, temperatures, and leak statuses.
- Unauthorized command injection to alter sensor data, bypassing safety thresholds.
- Ability to suppress critical alarms or generate false-positive leak alerts to disrupt operations.
Operational and Environmental Impact
- Masking of actual containment leaks, leading to undetected soil and groundwater contamination.
- Increased risk of tank overfills or structural failures due to manipulated sensor telemetry.
- Economic disruption caused by fuel supply chain instability and costly, unnecessary emergency shutdowns.
Defensive Mitigation Strategies
- Implementation of strict network segmentation and industrial firewalls between IT and OT zones.
- Immediate auditing of ATG hardware to remove hardcoded credentials and disable unauthenticated interfaces.
- Hardening of remote access gateways with multi-factor authentication (MFA) and encrypted tunnels.
- Deployment of OT-native monitoring to detect anomalous Modbus traffic and telemetry deviations.
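Added example (not from the original post or any vendor): a small Python detector illustrating the OT-native monitoring described above. It parses Modbus/TCP frames, flags register writes from hosts outside an allow-list, and flags reported tank levels that jump more than a plausible physical bound between two polls. The allow-list, IP addresses, register layout (register 0 = level) and the delta bound are constructed assumptions.

```python
import struct
from collections import namedtuple

# Constructed policy: only the monitoring server may write to gauge registers.
WRITE_ALLOWLIST = {"10.20.0.5"}
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}   # write coil(s) / write register(s)
MAX_LEVEL_DELTA = 50   # assumed physical bound on level change between two polls

# src = sender IP from the captured TCP session; payload = PDU data after the function code
ModbusFrame = namedtuple("ModbusFrame", "src transaction_id unit_id function payload")

def parse_modbus_tcp(src: str, raw: bytes) -> ModbusFrame:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header (tid, proto=0, length, unit) + PDU."""
    if len(raw) < 8:
        raise ValueError("frame too short")
    tid, proto, length, unit = struct.unpack(">HHHB", raw[:7])
    if proto != 0 or length != len(raw) - 6:
        raise ValueError("malformed MBAP header")
    return ModbusFrame(src, tid, unit, raw[7], raw[8:])

def detect(frames):
    """Flag writes from non-allow-listed hosts and implausible jumps in reported level."""
    alerts, last_level = [], {}
    for f in frames:
        if f.function in WRITE_FUNCTIONS and f.src not in WRITE_ALLOWLIST:
            alerts.append(f"unauthorised write fc=0x{f.function:02x} from {f.src} to unit {f.unit_id}")
        # Read Holding Registers response: byte count, then register values (reg 0 = level, assumed)
        if f.function == 0x03 and len(f.payload) >= 3 and f.payload[0] == len(f.payload) - 1:
            level = struct.unpack(">H", f.payload[1:3])[0]
            prev = last_level.get(f.unit_id)
            if prev is not None and abs(level - prev) > MAX_LEVEL_DELTA:
                alerts.append(f"implausible level change on unit {f.unit_id}: {prev} -> {level}")
            last_level[f.unit_id] = level
    return alerts

def build_frame(tid: int, unit: int, function: int, payload: bytes) -> bytes:
    """Build a Modbus/TCP ADU (used here only to construct sample traffic)."""
    pdu = bytes([function]) + payload
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def run_sample():
    """Constructed traffic: two normal reads, a rogue write, then a suspicious reading."""
    gauge, rogue = "10.20.0.9", "10.20.0.77"
    raw = [
        (gauge, build_frame(1, 1, 0x03, bytes([2]) + struct.pack(">H", 1200))),
        (gauge, build_frame(2, 1, 0x03, bytes([2]) + struct.pack(">H", 1210))),
        (rogue, build_frame(3, 1, 0x06, struct.pack(">HH", 0, 100))),
        (gauge, build_frame(4, 1, 0x03, bytes([2]) + struct.pack(">H", 100))),
    ]
    return detect(parse_modbus_tcp(src, b) for src, b in raw)
```

In practice the frames would come from a network tap or SPAN port on the OT segment, and the allow-list and delta bound would be tuned per site from known-good baselines.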
Related posts
- Cybersecurity News — CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems
- bleepingcomputer.com — CISA warns of cyberattacks targeting fuel tank monitoring systems
- csoonline.com — Malware could drain your fuel tank as well as your bank account
- bleepingcomputer.com — Over 900 US gas station tank gauge systems exposed to attacks