Hackers claim to have disrupted communications on 116 Iranian ships
A group of hackers claims to have carried out a cyber attack that allegedly disrupted communications on 116 Iranian cargo ships.
Lab Dookhtegan launched the operation to coincide with US attacks against Houthi rebels in Yemen this week, it said on Telegram.
“In an unprecedented move, we successfully disrupted the communications network of two Iranian companies that, among various terrorist activities, are responsible for supplying munitions to Houthis,” the group added.
The hackers said they had interfered with communications between ships, as well as with ports and external third parties.
“As part of this operation, we targeted the communication network of 116 ships belonging to two major Iranian companies sanctioned by the US Department of the Treasury, the UK and the European Union,” Lab Dookhtegan added.
They claimed to have hit 50 NITC vessels and 66 controlled by the Islamic Republic of Iran Shipping Lines (IRISL).
NITC is listed by Clarksons as owning 60 tankers, landing craft and utility vessels, while IRISL has 94 ships, mainly container and bulker tonnage.
Lab Dookhtegan claimed to have significantly hindered operations.
The group said the owners would take weeks to restore their communications systems fully.
“Ship personnel can no longer communicate with one another and their connection to the ports and outside world has been severed,” the group said.
Iran International reported that Iranian vessels use a combination of satellite, radio, and encrypted digital networks.
Some reports have indicated that NITC’s fleet relies on very small aperture terminal (VSAT) satellite technology for offshore coordination.
The hacking group is known for previous cyber activities against Iran’s military and intelligence operations.
Iranian authorities have not commented on the claims.
The two shipping companies could not be contacted.
The hackers have said this attack was only the “tip of the iceberg”.
Tech website Cydome’s cyber research team said there is no additional evidence of the attack or its results, “and reports are based on the previous credibility of the group”.
“Vessels use two-way VSAT satellite equipment for external connectivity,” according to the researchers.
“Communication devices are known to be the common targets for cyber attacks, and vulnerabilities in network equipment are published frequently,” the researchers said.
High degree of coordination
A prior study demonstrated that an attacker equipped with Shodan, a search engine for internet-connected devices, could locate ship satellite terminals and remotely compromise them using factory-set passwords, gaining the ability to alter system settings or even upload malicious firmware, Cydome added.
“The fact that malware or malicious commands were delivered to 116 vessels simultaneously indicates a high degree of automation and coordination in the attack,” according to the Cydome researchers.
“Cyber security analysts note that executing a synchronised takedown of dozens of distributed maritime assets would require advanced capabilities,” they said.
This could possibly include prior reconnaissance of the fleet’s IT infrastructure.
Cydome said that the operation, if confirmed, carries “sobering implications” far beyond Iran.
“It underscores that maritime assets — from tankers and container ships to offshore platforms — are now firm targets in cyber warfare,” it said.
Original source: TradeWinds, www.tradewindsnews.com