The hacker group Lab-Dookhtegan executed a targeted cyberattack on Iran’s maritime sector, specifically breaching the National Iranian Tanker Company (NITC) and its affiliated systems. The attack compromised satellite terminals and central maritime communications software, severing connections between 60+ vessels (39 tankers and 25 cargo ships) and shore-based operations. Critical systems, including Automatic Identification System (AIS) tracking and satellite links, were disabled, crippling real-time monitoring and coordination. The disruption coincided with Iranian naval maneuvers in the Gulf of Oman, exacerbating operational chaos.The hackers claimed root-level access, indicating deep infiltration into IT and telecom infrastructure managed by an Iranian holding company. This incident mirrors a prior attack in March 2025, where the same group disabled 116 vessels, strategically timed with US military operations against Iran-backed Houthis in Yemen. The attack’s scale and targeting of strategic maritime assets vital for Iran’s oil exports and global trade highlight its potential to destabilize regional logistics, economic flows, and geopolitical tensions. The loss of real-time vessel tracking poses risks of collisions, smuggling, or unauthorized movements, while the prolonged outage undermines Iran’s ability to manage its fleet securely.
Source: https://safety4sea.com/hackers-launch-cyber-attack-targeting-iranian-fleet/
TPRM report: https://www.rankiteo.com/company/national-iranian-tanker-company
"id": "nat749082525",
"linkid": "national-iranian-tanker-company",
"type": "Cyber Attack",
"date": "3/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'maritime/oil shipping',
'location': 'Iran',
'name': 'National Iranian Tanker Company (NITC)',
'type': 'state-owned enterprise'},
{'industry': 'maritime/cargo shipping',
'location': 'Iran',
'name': 'Islamic Republic of Iran Shipping Lines '
'(IRISL)',
'type': 'state-owned enterprise'},
{'industry': 'IT/telecommunications',
'location': 'Iran',
'name': 'Unnamed Iranian IT and Telecoms Holding '
'Company',
'type': 'holding company'}],
'attack_vector': ['infiltration of IT/telecom systems',
'root-level access exploitation'],
'description': 'A hacker group known as Lab-Dookhtegan claimed responsibility '
'for a cyberattack on Iran’s maritime sector, disabling '
'communications on more than 60 oil tankers and cargo ships. '
'The group infiltrated the National Iranian Tanker Company '
'(NITC) and the Islamic Republic of Iran Shipping Lines '
'(IRISL), disrupting operations on 39 tankers and 25 cargo '
'ships by breaching systems operated by an Iranian IT and '
'telecoms holding company. The hackers obtained root-level '
'access to systems running the vessels’ satellite terminals, '
'shutting down central software for maritime communications, '
'cutting connections between ships and shore, and disabling '
'AIS tracking and satellite links. The attack coincided with '
'Iranian naval maneuvers in the Gulf of Oman.',
'impact': {'operational_impact': ['disruption of 39 oil tankers',
'disruption of 25 cargo ships',
'loss of ship-to-shore communications'],
'systems_affected': ['satellite terminals',
'maritime communications software',
'AIS tracking systems']},
'initial_access_broker': {'high_value_targets': ['maritime communications '
'systems',
'satellite terminals']},
'threat_actor': 'Lab-Dookhtegan',
'title': 'Cyberattack on Iran’s Maritime Sector by Lab-Dookhtegan',
'type': ['cyberattack',
'disruption of maritime communications',
'unauthorized access']}