In November 2018, the Yuk Tung vessel (operating under the fake name Maika) executed a sophisticated AIS spoofing attack, impersonating the Hika, a Comoros-flagged sister ship with an identical IMO number but located over 7,000 km away. The deception involved falsifying the vessel’s identity, path, and destination, and followed a suspicious ship-to-ship transfer with the Ocean Explorer in October. The attack exploited maritime tracking systems, enabling the Yuk Tung to evade regulatory oversight and potentially facilitating illicit activities (e.g., sanctions evasion, smuggling, or unauthorized cargo transfers). The incident demonstrated a highly coordinated cyber-physical deception that undermined global maritime security protocols. While no direct data breach or financial theft was reported, the attack compromised the integrity of the IMO’s vessel identification framework and eroded trust in Automatic Identification System (AIS) data, a critical component for navigation safety, port authorities, and law enforcement. The long-term impact includes increased risks of undetected illegal maritime operations, regulatory bypass, and potential cascading effects on global trade security.
Source: https://cpb-us-e1.wpmucdn.com/blogs.gwu.edu/dist/8/416/files/2021/02/4-Neil-Watts_Final.pdf
TPRM report: https://www.rankiteo.com/company/international-maritime-organization
{
  "id": "int408092125",
  "linkid": "international-maritime-organization",
  "type": "Cyber Attack",
  "date": "11/2018",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of geographical region"
}
{'affected_entities': [{'industry': 'maritime shipping',
'location': ['Panamanian-flagged (registered)',
'operational location unknown (spoofed)'],
'name': 'Yuk Tung (operating as Maika)',
'type': 'cargo vessel'},
{'industry': 'maritime shipping',
'location': ['Comoros-flagged (registered)',
'actual location: ~7,000 km away from '
'spoofed position'],
'name': 'Hika',
'type': 'cargo vessel'},
{'industry': 'maritime shipping',
'name': 'Ocean Explorer',
'type': 'cargo vessel'},
{'industry': 'maritime governance',
'location': 'Panama',
'name': 'Panamanian Maritime Authority',
'type': 'regulatory body'},
{'industry': 'maritime governance',
'location': 'Comoros',
'name': 'Comoros Maritime Authority',
'type': 'regulatory body'}],
'attack_vector': ['GPS/AIS manipulation',
'vessel identity spoofing',
'ship-to-ship transfer exploitation'],
'data_breach': {'sensitivity_of_data': 'high (maritime safety and regulatory '
'compliance)',
'type_of_data_compromised': ['vessel identity data',
'AIS transmission logs',
'maritime traffic data']},
'date_detected': '2018-11',
'description': 'In November 2018, the Yuk Tung vessel, operating under the '
'name Maika with a Panamanian flag, engaged in AIS spoofing by '
'faking its identity and altering its path and destination. '
'This followed a suspicious ship-to-ship transfer with the '
'Ocean Explorer in October 2018. The Maika impersonated the '
'Comoros-flagged vessel Hika, which shared the same IMO number '
'but was over 7,000 kilometers away at the time. Both vessels '
'were sister ships with identical specifications, built by the '
'same constructor. The incident demonstrated an advanced level '
'of deception in maritime cyber operations, likely aimed at '
'evading authorities or facilitating illicit activities.',
'impact': {'brand_reputation_impact': ['eroded trust in maritime AIS '
'reliability',
'potential reputational damage to flag '
'states (Panama, Comoros)'],
'data_compromised': ['vessel identity data',
'AIS transmission records',
'maritime traffic monitoring integrity'],
'identity_theft_risk': ["vessel identity theft (Hika's IMO number "
'used by Maika)'],
'legal_liabilities': ['violation of maritime regulations',
'potential sanctions for deceptive practices',
'investigations by port authorities'],
'operational_impact': ['disruption of legitimate vessel tracking',
'compromised maritime safety protocols',
'potential for undetected illicit '
'activities'],
'systems_affected': ['AIS (Automatic Identification System)',
'maritime tracking databases',
'port authority monitoring systems']},
'initial_access_broker': {'entry_point': ['compromised AIS transmitter',
'exploited vessel registration '
'loopholes'],
'high_value_targets': ['maritime authorities',
'port security systems',
'global shipping tracking '
'databases'],
'reconnaissance_period': ['potential long-term '
'planning given the '
'ship-to-ship transfer in '
'October 2018']},
'investigation_status': 'unclear (no public records of resolution)',
'lessons_learned': ['AIS spoofing poses significant risks to maritime safety '
'and regulatory compliance.',
'Sister vessels with identical IMO numbers create '
'vulnerabilities for identity fraud.',
'Real-time cross-verification of vessel identities is '
'critical to prevent deception.',
'Ship-to-ship transfers may be exploited to facilitate '
'spoofing activities.'],
'motivation': ['evading maritime authorities',
'facilitating illicit ship-to-ship transfers',
'concealing vessel movements for unspecified purposes'],
'post_incident_analysis': {'root_causes': ['lack of robust authentication in '
'AIS transmissions',
'duplicative IMO numbers for '
'sister vessels enabling identity '
'fraud',
'inadequate real-time monitoring '
'of vessel position anomalies',
'exploitation of ship-to-ship '
'transfer procedures for deceptive '
'purposes']},
'recommendations': ['Enhance AIS authentication mechanisms to prevent '
'spoofing.',
'Implement cross-referencing of vessel positions with '
'satellite data.',
'Strengthen maritime cybersecurity protocols for vessel '
'identity management.',
'Increase international cooperation to track and penalize '
'AIS spoofing incidents.',
'Conduct regular audits of vessel registrations to detect '
'duplicates or anomalies.'],
'references': [{'source': 'Maritime cybersecurity reports (2018-2019)'}],
'regulatory_compliance': {'regulations_violated': ['International Maritime '
'Organization (IMO) vessel '
'identification standards',
'maritime traffic '
'monitoring regulations',
'flag state registration '
'integrity']},
'response': {'enhanced_monitoring': ['potential post-incident reviews of AIS '
'authentication protocols']},
'title': 'AIS Spoofing Incident Involving Yuk Tung (Maika) and Hika Vessels',
'type': ['AIS spoofing', 'maritime cyber deception', 'identity fraud'],
'vulnerability_exploited': ['weaknesses in AIS (Automatic Identification '
'System) authentication',
'lack of real-time cross-verification of vessel '
'identities',
'exploitation of maritime regulatory gaps']}