The FBI, Department of Energy, and other federal agencies on Wednesday issued a warning that hackers are targeting systems that are used at gas stations across the country, noting that they have observed malicious activity impacting automatic monitoring systems for fuel and liquid storage.
According to the notice, “recent malicious cyber activity” was observed by U.S. government officials involving “cyber threat actors compromising internet-exposed ATG (automatic tank gauge) systems.”
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Environmental Protection Agency (EPA), and several other agencies also signed onto the notice.
Government officials said the recent cyber activity against the ATG systems is “not yet attributed to a nation-state or threat actor group.”
The advisory urged companies and other organizations to block their ATG systems from internet access, use virtual private networks (VPNs), restrict access through firewalls, replace default passwords, use stronger credentials or multifactor authentication, and make other changes.
If not, the agencies warned, “a cyber threat actor [could] exploit these vulnerabilities and compromise an ATG system” and “could disrupt or manipulate the below critical functions by interfacing directly with the tank management as though they possessed legitimate physical access to the system console.”
A hacking group could cause “compound operational malfunctions” and other problems that “could cause permanent damage to the tank system’s critical function,” according to the advisory.
ATG systems are devices that monitor the fuel levels in storage tanks kept underground and are used to supply gas stations around the United States. They are also used in chemical tank and other liquid storage systems.
The notice issued by the FBI, CISA, and other agencies this week did not name any specific gas station companies that may have been targeted.
While no group or nation-state actor was named in the joint statement, the FBI and other federal agencies have long warned that China, Russia, Iran, and North Korea have carried out cyberattacks targeting U.S. companies and other organizations in recent years.
Since the war between the United States and Iran started in February, Tehran-linked hackers have sought to cause disruptions to water, oil, and gas sites in the United States, according to an advisory from the FBI in April.
The FBI said that an Iran-affiliated group has sought “to cause disruptions to U.S. critical infrastructure organizations,” adding that “targeting campaigns against (US) organizations have recently escalated, likely in response to hostilities between Iran, the United States, and Israel.”
Hackers supporting Iran claimed responsibility for a significant cyberattack in March against U.S. medical device company Stryker. They also have targeted data centers in the Middle East along with industrial facilities in Israel, a school in Saudi Arabia, and an airport in Kuwait.
In 2024, Iranian hackers infiltrated the email system of then-presidential candidate Donald Trump’s campaign and later tried to disseminate files that the hackers said they stole. Hackers linked to Iran also tried to hack into the WhatsApp accounts of both Trump and his Democratic opponent at the time, President Joe Biden.
The activity prompted the Department of Homeland Security to issue a public warning in June 2025 about Iranian cyber threats.
FBI Director Kash Patel’s personal email also was hacked by an Iran-linked group, which prompted the Department of State to offer a $10 million reward for the “identification of the Handala Hack Team out of Iran.”
The Associated Press contributed to this report.