The hacktivist group *Lab Dookhtegan* targeted over 100 oil tankers operated by Iranian government-affiliated entities, disrupting their satellite communication systems (e.g., VSAT terminals). By exploiting vulnerabilities—likely unpatched systems or default credentials—the attackers gained full control over internal and external communications, effectively isolating the vessels at sea. The breach extended beyond communications, potentially compromising IT and OT (Operational Technology) systems onboard, which could disrupt navigation, cargo operations, or safety protocols. While no immediate physical damage or data theft was confirmed, the attack crippled critical infrastructure tied to Iran’s oil transport, a vital economic sector. The incident highlights the fragility of maritime cybersecurity, where compromised satellite links can paralyze fleet operations, risking delays, financial losses, and broader supply chain disruptions. The geopolitical context amplifies the impact, as such attacks could escalate tensions or provoke retaliatory measures in an already volatile region.
Source: https://cydome.io/lab-dookhtegan-cyber-attack-on-iranian-oil-tankers-disrupts-operations/
TPRM report: https://www.rankiteo.com/company/niopdc
{
  "id": "nio336092125",
  "linkid": "niopdc",
  "type": "Cyber Attack",
  "date": "3/2025",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of geographical region"
}
{
  "affected_entities": [
    {
      "industry": "oil and gas (maritime transportation)",
      "location": "Iran (vessels operating internationally)",
      "name": "Unspecified Iranian government-linked oil tanker companies",
      "size": "100+ vessels affected",
      "type": ["government-linked", "maritime", "oil transportation"]
    }
  ],
  "attack_vector": [
    "exploitation of vulnerabilities in satellite communication systems (VSAT terminals)",
    "default credentials"
  ],
  "description": "The anti-Iranian government hacktivist group 'Lab Dookhtegan' claimed to have disrupted both internal and external communications of over 100 oil tankers linked to Iranian government-associated companies. The attack isolated the vessels at sea by exploiting vulnerabilities in their satellite communication systems (e.g., VSAT terminals), potentially due to unchanged default passwords. The group took control of all vessel communications and may have spread to IT and OT systems.",
  "impact": {
    "downtime": "communications disrupted (duration unspecified)",
    "operational_impact": "vessels isolated at sea due to loss of internal and external communications",
    "systems_affected": [
      "satellite communication systems (VSAT terminals)",
      "potential IT systems",
      "potential OT systems"
    ]
  },
  "initial_access_broker": {
    "entry_point": ["VSAT terminals (satellite communication systems)"],
    "high_value_targets": ["oil tanker communications", "IT/OT systems"]
  },
  "motivation": ["political", "hacktivism", "anti-government (anti-Iranian regime)"],
  "post_incident_analysis": {
    "root_causes": [
      "unchanged default passwords in VSAT terminals",
      "vulnerabilities in satellite communication systems"
    ]
  },
  "references": [
    {"source": "Cydome (cybersecurity company report)"},
    {"source": "Lab Dookhtegan Telegram channel announcement"}
  ],
  "threat_actor": "Lab Dookhtegan",
  "title": "Disruption of Communications on Over 100 Iranian Oil Tankers by Lab Dookhtegan",
  "type": ["cyberattack", "disruption", "hacktivism"],
  "vulnerability_exploited": [
    "unchanged default passwords in VSAT terminals",
    "weak security in satellite communication systems"
  ]
}