NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely on - here's what we know

1. Pro
2. Security

NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely on - here's what we know News By Sead Fadilpašić published 4 June 2026

ATG owners are urged to tighten up on security

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Shutterstock)

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter

• Agencies warn of attacks on ATG systems
• Attackers exploit weak credentials and SQL injection
• Mitigation includes stronger passwords and removing internet exposure

Critical infrastructure organizations should move to harden their Automatic Tank Gauge (ATG) systems to defend against ongoing attacks. This is the warning given earlier this week by the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and other agencies.

In a joint press release, these agencies said they were “aware of malicious cyber activity targeting US-based automatic tank gauge systems.”

“The authoring organizations urge ATG owners and operators to defend against this malicious activity by securing their ATG systems with strong passwords and by removing them from the internet to reduce public exposure.”

Latest Videos FromWatch full video here:

A list of mitigations

ATG systems are monitoring devices used in fuel storage tanks that automatically measure fuel levels, temperature, potential leaks, and other vitals, helping operators manage inventory and detect problems early.

The agencies could not attribute the ongoing attacks to any specific threat actor or nation-state but did say what the companies should pay attention to. Apparently, the attackers are either using hardcoded credentials, command execution and SQL Injection attacks, or privilege escalation, to access the devices.

You may like

• US agencies warn Iranian hackers are targeting American critical infrastructure — causing 'disruptive effects within the United States'
• The new reality of critical infrastructure security in the age of hybrid threats
• Secure your Microsoft system or suffer the same fate as Stryker – US tells companies to secure corporate accounts

Once they are inside, the attackers usually change system attributes (network settings, product identifiers, tank volumes, pump controls), compound operational malfunctions, and disable system alerts.

The advisory lists a number of things organizations can do to mitigate the risk, including eliminating public internet exposure, restricting access, and enforcing tougher credential security. The full list of mitigation suggestions can be found on this link.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Securing critical infrastructure has always been a challenge for nation-states, and now with the advent of AI, it has only gotten more difficult. To that end, earlier this week, the UK GCHQ debuted the world’s first AI cyber-defense system

In an annual lecture held earlier this week at Bletchley Park, GCHQ director Anne Keast-Bulter laid out the plans for the shield, mentioning that Russia and China are posing an ever-increasing cyber-threat to the UK’s national interests and way of life.

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

CATEGORIES Cyber Security Computing Security Computing Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

View More

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Security US agencies warn Iranian hackers are targeting American critical infrastructure — causing 'disruptive effects within the United States'    Pro The new reality of critical infrastructure security in the age of hybrid threats    Security Secure your Microsoft system or suffer the same fate as Stryker – US tells companies to secure corporate accounts    Security China-nexus cyber actors' are turning routers and IoT infrastructure into covert botnets 'at scale' – NCSC, Five Eyes, and others warn of campaign involving Typhoon-designated groups    Security CISA warns that Nx Console and GitHub repositories abused in multiple supply chain compromises – tools across enterprise, cloud, and DevOps environments exploited    Pro Why our national sovereignty depends on cyber resilience    Latest in Security Security ‘Data can place the lives of frontline military or other personnel at risk’: FBI warns that China is luring Western military and intelligence operatives with 'gig-work' job offers to steal secrets    Security Hackers could use poisoned WhatsApp and Slack notifications to take over your Google Gemini – and make it work on their behalf    Security Meta, Starlink and Microsoft team up with the FBI to delete over 1.4 million accounts and seize millions in cryptocurrency related to huge scam networks targeting Americans    Security Huge hacking campaign uses spoofed Ghidra, dnSpy, and SpiderFoot security tools to harvest ad revenue and serve malware    Security Microsoft is ditching password-based authentication tomorrow – Edge browser will switch to Windows Hello access    Security 'You can no longer do things at human ​scale': Cisco releases AI agent botnet that works on behalf of your business    Latest in News Gaming Accessories Belkin's new Nintendo Switch 2 Grip could solve my biggest problem with handheld mode    Speakers Ruark's new R710 Music Console supports CD, vinyl, and hi-res streaming    Gaming 'At least they're honest about it?' —Tomb Raider: Legacy of Atlantis is the latest game to come with an AI-generated content disclosure    How to Watch Football How to watch Spain vs Iraq: Free Streams & TV Channels for World Cup 2026 warm-up match    Entertainment Tip Toe full episode release date on Channel 4    Disney Plus When might Toy Story 5 be released on Disney+? Here's what we predict    LATEST ARTICLES

1. 1NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely on - here's what we know
2. 2Belkin's new Nintendo Switch 2 Grip could solve my biggest problem with handheld mode
3. 3Ruark's new R710 Music Console supports CD, vinyl, and hi-res streaming
4. 4'At least they're honest about it?' —Tomb Raider: Legacy of Atlantis is the latest game to come with an AI-generated content disclosure
5. 5How to watch France vs Ivory Coast: FREE streams, TV channels for World Cup 2026 warm-up