DOE was first alerted to the attacks by the Tennessee Fuel & Convenience Store Association earlier this month.
On or around March 8, 2026, an unattributed cyber threat actor targeted and obtained access to internet-connected ATGs at locations in the United States.
All ATGs accessed were found to expose TCP port 10001, the default serial port, at the time of the reported exploitation.
Based on information received and assessed by a supporting organization, it appears that no security code(s) or password(s) were set on the devices, allowing the cyber threat actor to execute various commands and modify the ATG alarm levels.
ETAC is aware of multiple publicly available tools and articles that make this exploitation trivial.
Based on these findings, ETAC recommends that ATG owners take the following steps:
1. Do not directly expose the ATG serial port (default TCP port 10001) or any other applicable web interfaces on the device to the internet. If remote access to the serial port is required, consider the following options:
   a. Use a firewall, an access control list, or a VPN to limit access to the port.
   b. Require a security code or password to access the serial port.
2. Audit and monitor logs to identify exposures of ATG device interfaces, unauthorized connections, suspicious alarms, modifications to alarm thresholds, tank label changes, and other system changes.
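One way to carry out the connection audit in recommendation 2, as an added example that is not part of the advisory or any ETAC tooling: it flags connections to TCP port 10001 from sources outside an allow list. The log layout, the addresses and the allowed network are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

ATG_PORT = 10001  # default ATG serial port over TCP, per the advisory

# Assumption: networks permitted to reach the ATG (e.g. a VPN range); constructed.
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: key=value firewall log layout, constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>ACCEPT|DROP) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
2026-01-10T02:14:07Z action=ACCEPT src=203.0.113.45 dst=192.0.2.10 dport=10001
2026-01-10T02:14:09Z action=ACCEPT src=10.20.0.5 dst=192.0.2.10 dport=10001
2026-01-10T02:15:30Z action=DROP src=198.51.100.7 dst=192.0.2.11 dport=10001
2026-01-10T02:16:02Z action=ACCEPT src=203.0.113.45 dst=192.0.2.10 dport=443
2026-01-10T02:17:45Z action=ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=10001
truncated or malformed line
"""


def is_allowed(src):
    """True if the source address falls inside an allowed management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_NETS)


def audit_atg_access(log_text):
    """Per ATG: outside sources that reached (ACCEPT) or probed (DROP) the port."""
    findings = defaultdict(lambda: {"unauthorized": [], "blocked": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != ATG_PORT:
            continue  # skip malformed lines and traffic to other ports
        if is_allowed(m["src"]):
            continue  # expected management access
        bucket = "unauthorized" if m["action"] == "ACCEPT" else "blocked"
        findings[m["dst"]][bucket].append((m["ts"], m["src"]))
    return dict(findings)


if __name__ == "__main__":
    for atg, hits in sorted(audit_atg_access(SAMPLE_LOG).items()):
        print(atg, "unauthorized:", hits["unauthorized"], "blocked:", hits["blocked"])
```

Any entry under "unauthorized" means the port accepted a connection from outside the allow list, which is the exposure recommendation 1 is meant to close.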
For additional mitigation guidance, please see the U.S. Department of Energy’s “Primary Mitigations to Reduce Cyber Threats to Operational Technology.”
Click Here for a copy of the advisory.
[Posted: April 29, 2026] PA Environment Digest