Lab Dookhtegan, an Iranian anti-government hacktivist group, has claimed responsibility for disrupting communications across more than 100 oil tankers. These vessels, owned by two Iranian companies with alleged ties to government operations circumventing international sanctions, were targeted in a large-scale cyberattack. According to the group, the attack completely severed communication both within the ships and between the ships and shore-based operations, cutting off the vessels’ ability to connect to external networks and preventing internal crew communication.
The cyberattack exploited vulnerabilities in the maritime satellite communication systems, specifically targeting the Very Small Aperture Terminal (VSAT) technology used by these vessels for external communication. Communication systems on ships are common targets for cyberattacks, and weaknesses in satellite terminals have been well documented. Attackers can exploit such weaknesses by logging in with default factory passwords, which gives them access to communication systems and potentially lets them upload malicious software or alter system settings remotely.
Lab Dookhtegan reportedly gained elevated access to the ships’ communication systems, which allowed them to disrupt operations on a broad scale.
The group’s coordinated attack on 116 vessels, all at once, suggests advanced planning and automation. Cybersecurity analysts point out that such a large, synchronized attack requires detailed reconnaissance and sophisticated, customized exploits. It also implies that the group might have collaborated with other entities that share their anti-government stance, as hinted by their statement about working with “friends who are enemies of our enemies.”
This attack underscores a significant concern for the broader maritime sector, highlighting how vulnerable maritime communication systems are to cyber threats.
It emphasizes the growing need for advanced cybersecurity measures that do not rely solely on external connectivity. As seen in this attack and other targeted assaults on maritime companies, such as phishing campaigns and cyber-espionage efforts, the maritime industry is becoming an increasingly important battleground for cyber warfare. This incident has brought to light the critical need for independent, resilient communication systems that can withstand sophisticated cyberattacks.