{
    "@context": "https://schema.org",
    "@type": "NewsArticle",
    "@id": "https://hostdir.net/blog/over-900-us-fuel-tank-gauge-systems-exposed-online-under-active-attack",
    "headline": "Over 900 US Fuel Tank Gauge Systems Exposed Online, Under Active Attack",
    "alternativeHeadline": "Joint federal advisory warns of malicious cyber activity targeting automatic tank gauges at gas stations and industrial sites.",
    "url": "https://hostdir.net/blog/over-900-us-fuel-tank-gauge-systems-exposed-online-under-active-attack",
    "datePublished": "2026-06-09T21:44:00+00:00",
    "dateModified": "2026-06-10T03:07:34+00:00",
    "author": {
        "@type": "Organization",
        "name": "HostDir News Desk",
        "url": "https://hostdir.net"
    },
    "publisher": {
        "@type": "Organization",
        "name": "HostDir",
        "url": "https://hostdir.net",
        "logo": {
            "@type": "ImageObject",
            "url": "https://hostdir.net/assets/logo.svg"
        }
    },
    "image": "https://hostdir.net/uploads/news/b680a8c3abf0edf5.webp",
    "description": "More than 900 automatic tank gauge systems in the US are exposed to the internet and under active attack, according to a joint advisory from CISA, FBI, NSA, and other agencies. Threat actors can alter readings, disable alarms, and disrupt operations.",
    "articleSection": "Security",
    "articleBody": "More than 900 automatic tank gauge (ATG) systems in the United States are exposed to the internet and under active attack, according to a joint advisory published this week by CISA, the FBI, the NSA, and five other federal agencies. The systems monitor fuel and chemical storage tanks at gas stations, industrial facilities, and other critical infrastructure sites.The advisory, co-signed by the Department of Energy, the Environmental Protection Agency, the Transportation Security Administration, the Department of Transportation, and the Department of Agriculture, warns that threat actors are exploiting internet-connected ATGs to alter tank readings, manipulate pump controls, and disable safety alerts. The agencies said they are aware of malicious cyber activity targeting these systems in the United States but did not attribute the attacks to any specific group.US accounts for 90% of exposed ATGs worldwideFollowing the advisory, the Shadowserver Foundation conducted widespread scans and found 909 exposed ATGs in the United States. The next most exposed countries were Canada with 30, Australia with 22, and the United Kingdom and Brazil with four each. The US share represents more than 90% of all discoverable ATGs on the open web.909 exposed ATGs in the US as of June 202630 in Canada, 22 in Australia, 4 each in the UK and BrazilNearly 6,000 ATGs were exposed a decade ago, indicating a significant reduction but still a large attack surfaceATGs are often legacy devices running unpatched firmware with known vulnerabilitiesResearchers at Bitsight previously found seven critical zero-day vulnerabilities across six popular ATG models, including command injection flaws with CVSS scores of 9.8Legacy design and unpatched bugs create persistent riskATGs are built for reliability and long field life, often without downtime for updates. They run legacy software stacks and lack the complexity to support security tools. This design philosophy leaves them vulnerable to command injection and other exploits that can give attackers full control over tank monitoring and alarm systems.The joint advisory urges site owners to immediately remove ATGs from direct internet exposure, use firewalls and VPNs for remote access, apply available patches, and monitor for unauthorized changes. The agencies also recommend conducting a full inventory of all ATG devices and verifying that default credentials have been changed. With active attacks already underway, the window for remediation is narrow.",
    "mainEntityOfPage": "https://hostdir.net/blog/over-900-us-fuel-tank-gauge-systems-exposed-online-under-active-attack",
    "citation": [
        {
            "@type": "CreativeWork",
            "name": "Exposed Fuel Tank Gauges Under Attack in the US",
            "url": "https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us"
        },
        {
            "@type": "CreativeWork",
            "name": "Over 900 US gas station tank gauge systems exposed to attacks",
            "url": "https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/"
        }
    ],
    "_hostdir": {
        "kind": "news-article",
        "slug": "over-900-us-fuel-tank-gauge-systems-exposed-online-under-active-attack",
        "canonical": "https://hostdir.net/blog/over-900-us-fuel-tank-gauge-systems-exposed-online-under-active-attack",
        "category": "security",
        "sources": [
            {
                "url": "https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us",
                "title": "Exposed Fuel Tank Gauges Under Attack in the US",
                "source_name": "Dark Reading",
                "source_slug": "darkreading"
            },
            {
                "url": "https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/",
                "title": "Over 900 US gas station tank gauge systems exposed to attacks",
                "source_name": "BleepingComputer",
                "source_slug": "bleeping-computer"
            }
        ],
        "fact_checks": [
            {
                "claim": "Over 900 automatic tank gauge systems in the US are exposed to the internet.",
                "source_url": "https://www.bleepingcomputer.com/news/security/over-900-us-gas-station-tank-gauge-systems-exposed-to-attacks/",
                "verdict": "verified"
            },
            {
                "claim": "The joint advisory was published by CISA, FBI, NSA, DoE, EPA, TSA, DOT, and USDA.",
                "source_url": "https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us",
                "verdict": "verified"
            },
            {
                "claim": "The US has 909 exposed ATGs, Canada 30, Australia 22, UK and Brazil 4 each.",
                "source_url": "https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us",
                "verdict": "reported"
            },
            {
                "claim": "Researchers at Bitsight found seven critical zero-day vulnerabilities across six ATG models.",
                "source_url": "https://www.darkreading.com/cyberattacks-data-breaches/exposed-fuel-tank-gauges-attack-us",
                "verdict": "reported"
            }
        ],
        "internal_links": [
            {
                "anchor": "create",
                "target_url": "/providers/create",
                "target_kind": "provider"
            },
            {
                "anchor": "under",
                "target_url": "/providers/under",
                "target_kind": "provider"
            }
        ],
        "attribution": "HostDir News Desk — https://hostdir.net/blog/over-900-us-fuel-tank-gauge-systems-exposed-online-under-active-attack"
    }
}