Cyber Hackers Claim to Have Disabled Iranian Ship Communications

A shadowy group of cyber hackers is claiming that it launched a massive attack and has successfully disabled communications for much of Iran’s merchant fleet. While the report cannot be independently verified, the group, which calls itself Lab Dookhtegan, is known and, according to experts, is credible in its attacks.
The report is gaining wide media attention, including in Iran. Neither government officials nor the shipping companies, the National Iranian Tanker Company or Islamic Republic of Iran Shipping Company, have publicly commented on or denied the claims.
Lab Dookhtegan posted messages on Telegram and X boasting of its accomplishments, saying it was to celebrate the sixth anniversary of its operation. “In an unprecedented move, we successfully disrupted the communication network of two Iranian companies that, among various terrorist activities, are responsible for supplying munitions to Houthis,” the group wrote while also reposting links to reports from the Iranian media.
It claimed to have also timed the attack to coordinate with the U.S.’s current offensive against the Houthis and in parallel to the U.S. and European sanctions against Iranian shipping. It asserts that the communications for 50 ships belonging to the National Iranian Tanker Company and 66 ships operated by the Iran Shipping Lines have been disabled. Lab Dookhtegan reports it will take weeks to fully restore communications.
“Ship personnel can no longer communicate with one another, and their connection to the ports and outside world has been severed,” the group said in its online statements.
Speculation is that the communications outage would also affect the vessels' coordination with the Iranian military and other authorities. The Iranian media speculates the vessels use encrypted networks to speak with the military but likely depend on satellite communications systems such as VSAT (Very Small Aperture Terminal) technology. They said the disruption would impact the ability to coordinate operations, transmit data, and navigate.
The speculation is that the vessels might be limited to traditional radio systems with VHF and HF frequencies used for short-range communications, such as ship-to-ship and ship-to-shore.
Cyber security analysts at Cydome published an analysis of Lab Dookhtegan, noting that while there was no evidence of this attack or its results, the analysis was based on the previous credibility of the group. They said that while the group does not disclose its exact tactics, they believe the group uses a search engine device that could locate ship satellite terminals. They speculate the group could have remotely compromised the terminals using factory-set passwords, giving it the ability to alter system settings or even upload malicious firmware.
Furthermore, they believe there would have been a high degree of automation and coordination required to deliver malware or malicious commands to 116 vessels simultaneously. They speculate it may have involved prior reconnaissance and required advanced capabilities.
Based on this attack, Cydome is recommending that all shipping companies perform a comprehensive risk assessment. They cite the need to install a dedicated maritime cybersecurity solution that is independent of the communications devices.
If this attack is proven legitimate, it would not be the first time Iranian shipping has reportedly fallen vulnerable to cyberattacks. In 2024, unconfirmed reports from NBC News said American forces carried out a cyberattack targeting an Iranian spy ship. The vessel was thought to be playing a role in the targeting of merchant ships for the Houthi militants in Yemen.
Top photo from Iran's Tasnim News Agency -- CC BY 4.0
Cargo of Rocket Fuel Now Just Three Days From Iranian Port

MV Jairan, loaded with sodium perchlorate in China, is an estimated three days’ sailing from its home port destination in Bandar Abbas, Iran. As of Sunday, the vessel is cruising at 12-13 knots west of Mumbai and has about 850 nautical miles to go.
MV Jairan was the second of two sanctioned Islamic Republic of Iran Shipping Lines (IRISL) ships that berthed in Shanghai during January to load the chemical, which is the main precursor for ammonium perchlorate, used by most Iranian medium-range solid-fuel ballistic missiles. The same material has been intercepted en route from Iran to Houthi forces in Yemen, where it is used to fuel the Palestine-2 missiles which have in recent days been fired at Israel. The Palestine-2 is a derivative of the Iranian Fateh-110 missile.
Recent satellite imagery of the Bandar Abbas Naval Harbor shows a large number of vessels present, as might be expected over Ramadan, including three Moudge/Alvand Class frigates, the intelligence collection vessel IRINS Zagros (Pennant 313) and the one Kilo Class submarine that is believed to be operational. Also present on its usual pier in the outer harbor was the long-range logistic vessel IRINS Makran (K441).
Providing picket coverage of the Iranian coast in the Northern Indian Ocean, according to open source intelligence expert Intelshizo, are three IRGC Navy intelligence collection vessels, the MVs Saviz, Artenos and Sheba. These should be able to provide maritime threat information coverage for the MV Jairan shortly.
Iran Puts Diego Garcia on its Target Deck

Iran’s Press TV, which normally identifies with hardline factions within the Iranian political system, has included the joint UK-US base on Diego Garcia amongst a list of US bases in the Middle East region which would be ‘within Iran’s cross-hairs’ for retaliatory strikes should either the United States or Israel launch attacks on Iran.
The article acknowledges a negotiation of sorts is underway between Iran and the United States, with Iran currently framing its response to a letter from President Trump passed to the Iranians through intermediaries.
The list of US bases on the target list also includes Al Udeid Air Base (Qatar), Al Dhafra Air Base (UAE), Naval Support Activity Bahrain, Dimona Radar Facility (Israel), Muwaffaq Salti Air Base (Jordan), Camp Arifjan (Kuwait) and Ain al-Assad Airbase (Iraq). The article includes satellite imagery of each facility.
The article suggests that deep-water piers, anchorages and port facilities of Camp Thunder, plus deployments of B-1 Lancer, B-2 Spirit and B-52 Stratofortress bombers on Diego Garcia’s airfield would be targets. It suggests that Diego Garcia is within the 4000 km range of Iranian Khorramshahr missiles and Shahed-136B kamikaze drones, but also of missiles and drones launched from Iranian naval vessels such as the drone carriers Shahid Mahdavi (C110-3) and Shahid Bagheri (C110-4).
Negotiations over the future of Diego Garcia have stalled for the time being, while the United Kingdom awaits a formal response from the United States on the provisional agreement reached with the new Mauritian government. While President Trump signaled approval of the deal, he made it clear that it had not been studied in detail, with a range of potential difficulties which could yet be identified.
In the United Kingdom, political opposition has been mounting to the overall structure of the deal, which entails the United Kingdom paying large additional sums of money to Mauritius, probably sourced from the defense budget, without receiving any quid pro quo from the United States, whilst passing sovereignty over the Chagossian population to Mauritius without consultation or their consent.
Leaks from the United States, the United Kingdom and most prolifically from Mauritius give contradictory accounts of the current status of negotiations. But it seems likely that all parties want to pause the talks for the present, while the United States is apparently considering whether it should make a direct bid for sovereignty for the 60 km² tropical paradise itself, given both its defense utility and potential as a resort destination.