A hacker group has claimed responsibility for a large-scale cyberattack on Iran’s maritime sector, targeting dozens of oil tankers and cargo ships. The hackers disabled communications on more than 60 vessels, creating serious disruption in the fleet’s operations.
Hackers Strike Iran’s Maritime Systems
According to the group, they managed to break into the systems of the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Lines (IRISL). Together, these two companies manage much of Iran’s global oil and cargo transportation. By breaching these systems, the hackers disrupted operations on 39 tankers and 25 cargo ships.
Hackers reportedly carried out the cyberattack by infiltrating the networks of an Iranian IT and telecoms holding company that operates the ships’ systems. Once inside, the hackers claimed they obtained root-level access and took complete control over the critical software used for the ships’ satellite terminals.
🔓 Massive cyberattack rocks French defense giant—hackers claim 1TB breach
The attack struck at the very heart of maritime operations. It cut vessels off from their main communication links and caused a blackout between ships and shore stations. It also disabled the Automatic Identification System (AIS) tracking, which normally tracks vessel positions and ensures safety at sea. In addition, it shut down satellite connections used for secure data transfers and navigation updates.
Hackers Disrupt Naval Maneuvers
The timing of the cyberattack added to its impact. It coincided with ongoing Iranian naval maneuvers in the Gulf of Oman, a region that already experiences high levels of military activity and surveillance. With both naval exercises and civilian shipping operations affected, the hackers caused additional complications for Iran’s maritime logistics.
Reports indicated that communication blackouts on the affected ships not only made it difficult to track their movements but also disrupted coordination between ships at sea and their command centers on land. For vessels carrying oil, cargo, and other essential supplies, the lack of communication increased operational risks.
APT-28’s New Playbook: Hack Into Your Cameras, Map Your Defenses, Wait for the Strike
The disabling of AIS tracking was particularly significant. AIS systems are vital for preventing collisions and ensuring transparency of vessel movements. Without this system, ships effectively become invisible to monitoring stations, raising both security and safety concerns.
Satellite links, which connect ships to global communication networks, were also taken offline. This prevented the transmission of essential data such as weather updates, navigational corrections, and safety alerts. In a busy and strategically important region like the Gulf of Oman, such communication blackouts can lead to major complications.
Previous Cyber Attacks on Iranian Vessels
This incident is not the first time hackers have claimed responsibility for disrupting Iranian shipping operations. In March 2025, the same group announced that it had carried out a similar cyberattack, disabling communications on 116 Iranian vessels. That earlier attack coincided with US military operations against Iran-backed Houthis in Yemen, creating widespread disruption across regional waters.
The March incident showed how vulnerable maritime systems can be when targeted by hackers. By attacking the central communication software of vessels, hackers were able to cripple large parts of Iran’s fleet with minimal effort. The latest attack appears to follow the same pattern, suggesting that the hackers continue to have access to critical networks within Iran’s shipping sector.
🔥 Russian hackers shut down Polish hydroelectric plant in dangerous cyberattack near Gdansk
Both incidents highlight the growing importance of cybersecurity in the maritime industry. Ships today rely heavily on digital systems for communication, navigation, and coordination. Any disruption to these systems can cause large-scale problems, especially in areas where military tensions and shipping routes overlap.
The most recent cyberattack has once again demonstrated how hackers can affect physical infrastructure on a massive scale. With oil tankers and cargo ships at the center of Iran’s economy, the disabling of communications on more than 60 vessels represents a significant blow to its maritime operations.