Grandi Navi Veloci and MSC-Mediterranean Shipping Company SA: Passenger Ferry Held for Hours After Suspected Russian Hack

**Russian Military Hackers Suspected in Cyber Intrusion Targeting MSC Ferry**

European investigators are examining a suspected cyber intrusion by Russian military hackers targeting a ferry operated by MSC-Mediterranean Shipping Company SA, the world’s largest container shipping group. The incident occurred over the weekend in the southern French port of Sète, where the vessel—part of MSC’s Grandi Navi Veloci unit—was immobilized on Saturday as authorities assessed potential risks to operational systems. The ferry resumed its voyage to Algeria on Sunday after authorities confirmed that no critical systems were compromised.

The breach attempt, which remains under investigation by French and Italian officials, is believed to be linked to Russia’s GRU military intelligence agency. Forensic analysis reportedly identified overlaps in tactics, techniques, and procedures (TTPs) with previous GRU operations, including those publicly attributed to Unit 29155 by U.S. agencies like the FBI and CISA. No official attribution has been made, and the Kremlin has not responded to requests for comment.

The attack targeted the ferry’s office computer network, aiming to impersonate legitimate users, but failed to penetrate operational systems—such as navigation, propulsion, or the Automatic Identification System (AIS)—due to network segregation and restricted remote access. Investigators noted that while sabotage was averted, the incident underscores vulnerabilities in maritime cybersecurity, particularly the risk of physical-access attacks for surveillance or long-term infiltration.

This is not the first attempt against the vessel. In November, a Raspberry Pi device—a concealed miniature computer—was discovered connected to a shipboard system in a restricted area, triggering security alerts. A second device, found last week and paired with a cellular modem for remote access, was seized for forensic analysis. Authorities suspect a third device may still be active on another ship.

The incident highlights growing concerns over cyber threats to global maritime trade, which carries the majority of world commerce. Disruptions in shipping networks could have cascading effects on supply chains, critical infrastructure, and sensitive military or commercial movements. While this attack was contained, it reflects a broader pattern of state-sponsored cyber espionage targeting high-value logistics assets.

Source: https://www.insurancejournal.com/news/international/2025/12/17/851401.htm

GNV cybersecurity rating report: https://www.rankiteo.com/company/gnvferries

MSC Mediterranean Shipping Company cybersecurity rating report: https://www.rankiteo.com/company/msc-mediterranean-shipping-co--s-a-

"id": "GNVMSC1765979891",
"linkid": "gnvferries, msc-mediterranean-shipping-co--s-a-",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Shipping and logistics',
                        'location': 'Global (incident occurred in Sète, '
                                    'France)',
                        'name': 'MSC-Mediterranean Shipping Company SA (Grandi '
                                'Navi Veloci unit)',
                        'size': "World's largest container shipping group",
                        'type': 'Maritime transport company'}],
 'attack_vector': 'Physical access via Raspberry Pi devices with cellular '
                  'modems',
 'description': 'European investigators are probing whether Russian military '
                'hackers breached computer systems on a vessel owned by '
                'MSC-Mediterranean Shipping Company SA. The ferry was '
                'immobilized in the southern French port of Sète as '
                'authorities confirmed operational systems were not '
                'compromised. The intrusion attempt was detected and '
                'neutralized by the company.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'cybersecurity concerns',
            'downtime': 'Ferry immobilized for less than 24 hours',
            'operational_impact': 'No impact on navigation, propulsion, or AIS '
                                  'systems',
            'systems_affected': 'Office computer network'},
 'initial_access_broker': {'backdoors_established': 'Cellular modems for '
                                                    'remote access',
                           'entry_point': 'Physical access via Raspberry Pi '
                                          'devices',
                           'high_value_targets': 'Office computer network'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Importance of physical security for onboard networks, '
                    'network segmentation, and monitoring for unauthorized '
                    'devices.',
 'motivation': ['Espionage', 'Long-term surveillance'],
 'post_incident_analysis': {'corrective_actions': ['Forensic analysis of '
                                                   'seized devices',
                                                   'Review of physical and '
                                                   'network security '
                                                   'protocols'],
                            'root_causes': ['Physical security lapse allowing '
                                            'unauthorized device installation',
                                            'Potential insider assistance or '
                                            'lax access controls']},
 'recommendations': ['Enhance physical security measures for restricted-access '
                     'areas on vessels',
                     'Improve detection of unauthorized hardware (e.g., '
                     'Raspberry Pi devices)',
                     'Strengthen network segmentation between office and '
                     'operational systems',
                     'Conduct regular audits of onboard networks for '
                     'anomalies'],
 'references': [{'source': 'Bloomberg'}, {'source': 'Le Parisien'}],
 'response': {'communication_strategy': 'Limited public disclosure '
                                        '(spokesperson confirmed intrusion '
                                        'attempt)',
              'containment_measures': 'Removal of Raspberry Pi devices, '
                                      'forensic analysis',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes (French and Italian '
                                          'authorities)',
              'network_segmentation': 'Pre-existing segregation prevented '
                                      'lateral movement',
              'recovery_measures': 'Ferry resumed operations after '
                                   'investigation',
              'remediation_measures': 'Network segregation, enhanced '
                                      'monitoring'},
 'threat_actor': 'GRU (Russian military intelligence agency, possibly Unit '
                 '29155)',
 'title': 'Russian Military Hackers Suspected in MSC Ferry Cyber Intrusion',
 'type': 'Cyber Intrusion',
 'vulnerability_exploited': 'Insufficient network segmentation between office '
                            'and operational systems'}