On September 5th, 2019, COSCO Shipping a major Chinese state-owned shipping conglomerate faced a GPS spoofing attack targeting its oil tanker, *Jin Nui Zou*, at the Port of Dalian. The attack manipulated the vessel’s Automatic Identification System (AIS), causing erratic position data, including false high-speed movements and a final 'crop circle' pattern centered on land within the oil terminal. This incident was part of a broader campaign affecting 20+ Chinese coastal sites, likely a countermeasure against U.S. sanctions on Iranian crude imports. The spoofing disrupted 9 oil terminals across two terminal areas, risking navigational safety, operational integrity, and potential collisions or groundings due to false positioning. While no direct data breach or ransomware was involved, the attack undermined maritime cybersecurity, exposed vulnerabilities in critical infrastructure, and posed risks to global supply chains particularly for energy transport. The incident highlighted how state-aligned cyber operations could weaponize GPS spoofing to evade sanctions enforcement, with broader implications for geopolitical tensions and economic stability in the region.
Source: https://www.maritime-executive.com/editorials/patterns-of-gps-spoofing-at-chinese-ports
TPRM report: https://www.rankiteo.com/company/coscoshipping
"id": "cos435092125",
"linkid": "coscoshipping",
"type": "Cyber Attack",
"date": "6/2019",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'industry': ['Maritime', 'Oil shipping', 'Logistics'],
'location': 'Dalian, China',
'name': 'China Shipping Tanker Company Ltd',
'type': 'Subsidiary'},
{'industry': ['Shipping',
'Logistics',
'Energy transport'],
'location': 'China',
'name': 'COSCO Shipping',
'type': 'Parent company'},
{'industry': 'Maritime',
'location': 'Dalian, China',
'name': 'Port of Dalian',
'type': 'Port authority'}],
'attack_vector': ['GPS signal spoofing', 'AIS data manipulation'],
'data_breach': {'sensitivity_of_data': 'Moderate (operational maritime data)',
'type_of_data_compromised': ['GPS positional data',
'AIS tracking data']},
'date_detected': '2019-09-05',
'description': 'On September 5th, 2019, a GPS spoofing incident occurred at '
'the Port of Dalian, China, affecting the oil tanker *Jin Nui '
'Zou* (owned by China Shipping Tanker Company Ltd, a '
"subsidiary of COSCO Shipping). The vessel's AIS tracking data "
'showed erratic behavior, including scattered positions, '
'unrealistic high-speed movements, and a final circular '
'pattern centered on land within the oil terminal tank field. '
'The incident is part of a broader pattern of GPS spoofing '
'detected at over 20 Chinese coastal sites in 2019, '
'potentially linked to evasion of U.S. sanctions on Iranian '
'crude oil imports. A total of 9 oil terminals across two '
'terminal areas were impacted, with ship traffic forming a '
"'crop circle' pattern due to spoofing.",
'impact': {'brand_reputation_impact': ['Potential reputational damage to '
'COSCO Shipping and affiliated '
'entities due to sanctions evasion '
'allegations'],
'data_compromised': ['AIS tracking data', 'GPS positional data'],
'legal_liabilities': ['Possible violations of U.S. sanctions '
'regulations',
'Regulatory scrutiny for COSCO subsidiaries'],
'operational_impact': ['Disrupted vessel tracking',
'Potential safety risks for maritime '
'navigation',
'Misleading port authorities'],
'systems_affected': ['Automatic Identification System (AIS)',
'GPS navigation systems']},
'investigation_status': 'Reported in open-source analyses; no official '
'investigation details publicly available.',
'lessons_learned': ['GPS spoofing poses significant risks to maritime '
'navigation and sanctions enforcement.',
'AIS data alone is unreliable in high-risk geopolitical '
'contexts.',
'Need for resilient navigation systems in sanctioned '
'trade routes.'],
'motivation': ['Evasion of U.S. sanctions on Iranian crude oil',
'Disruption of maritime tracking',
'Obfuscation of ship movements'],
'post_incident_analysis': {'root_causes': ['Lack of secure GPS/AIS signal '
'protocols in maritime navigation.',
'Geopolitical tensions driving '
'spoofing as a sanctions evasion '
'tactic.',
'Inadequate detection mechanisms '
'for spoofed signals in '
'real-time.']},
'recommendations': ['Implement AIS/GPS signal authentication mechanisms for '
'maritime vessels.',
'Enhance monitoring of vessel movements in regions with '
'high spoofing activity.',
'Develop alternative navigation verification methods '
'(e.g., inertial navigation, celestial navigation).',
'Strengthen international cooperation to detect and '
'mitigate GPS spoofing in maritime domains.'],
'references': [{'source': 'C4ADS (Center for Advanced Defense Studies)'},
{'source': 'U.S. Department of the Treasury (OFAC sanctions '
'announcements)'}],
'regulatory_compliance': {'legal_actions': ['U.S. government sanctions on '
'COSCO subsidiaries'],
'regulations_violated': ['U.S. sanctions on Iranian '
'crude oil imports']},
'response': {'enhanced_monitoring': ['Potential increased scrutiny of AIS/GPS '
'data in sanctioned regions']},
'title': 'GPS Spoofing Incident at Port of Dalian, China (2019)',
'type': ['GPS spoofing', 'AIS manipulation', 'Maritime cyber incident'],
'vulnerability_exploited': ['Lack of AIS/GPS signal authentication',
'Weaknesses in maritime navigation security '
'protocols']}