Maritime cyberattacks doubled in 2025, according to a new report by Korean cybersecurity firm Cytur. The surge was driven largely by a sharp rise in malware infections and distributed denial of service (DDoS) attacks, alongside increasingly sophisticated supply chain intrusions.
Among the most concerning cases were high-level breaches of shoreside service providers, allowing attackers to gain insight into – or even remote access to – entire fleets.
One notable example involved the Iranian satellite communications provider Fanava, which was penetrated by cyber threat group Lab Dookhtegan. By compromising Fanava, the attackers gained fleetwide access to ship-to-shore communications for Iranian tankers.
During the intrusion, the group reportedly gained control over onboard VOIP services, stole corporate documents, accessed data from shipping line, and destroyed shipboard modems by overwriting partitioned memory, requiring physical hardware replacement
The breach demonstrated how vulnerabilities at the service-provider level can expose entire fleets.
Cytur reports that cybercriminals are increasingly monetizing stolen vessel data. Illicit information found for sale on the dark web includes voyage logs, cargo manifests, ship design schematics
A common tactic involves encrypting a vessel’s Planned Maintenance System (PMS) and demanding ransom for access restoration. Operators often pay to avoid public release of sensitive internal data.
Distributed denial of service (DDoS) attacks remain a frequent method of disruption. Hackers may compromise onboard routers and IT infrastructure, overwhelming satellite communications systems and temporarily cutting ships off from shore-based offices.
More alarming are attacks targeting operational technology (OT), including engine control and ballast water management systems. Cytur warns that remote diagnostic protocols embedded in OEM equipment create potential entry points for hackers. A successful breach of propulsion or ballast controls could have catastrophic consequences.
Looking forward, Cytur anticipates the emergence of AI-assisted and autonomous hacking campaigns. According to CEO Cho Yong Hyun, AI tools may lower the technical barrier for cybercrime, enabling a broader range of actors to conduct sophisticated attacks.
The report underscores a growing industry consensus: cybersecurity has become a core component of maritime safety and operational resilience.
