National Iranian Tanker Company (NITC) hit by network compromise linked to Lab-Dookhtegan
Incident
Summary
Hide ▲
Show ▼
National Iranian Tanker Company (NITC) and Islamic Republic of Iran Shipping Lines (IRISL) suffered a communications systems compromise that bricked onboard satellite links, AIS tracking, and ship-to-shore connectivity across dozens of vessels. The destructive intrusion was attributed to Lab-Dookhtegan, which said it obtained admin/root access through Fanava Group and disabled the Falcon software that kept the ships connected. Access reportedly dates back to May, indicating the attackers had persistent control before the disruption became public. The impact is severe because the affected ships lost core operational communications and may need on-site recovery work.
Timeline
-
26.08.2025 00:10 1 articles · 9mo ago
Lab-Dookhtegan claims destructive compromise of NITC and IRISL vessels
Initial DisclosureLab-Dookhtegan, also called Sewn Lips, claimed a destructive compromise of National Iranian Tanker Company (NITC) and Islamic Republic of Iran Shipping Lines (IRISL) vessels after gaining admin-level access to Linux systems on shipboard satellite terminals through Fanava Group. The claimed intrusion disabled Falcon, left satellite links and automatic identification system (AIS) tracking inoperable, and bricked communications on 25 cargo ships and 39 tankers; Nariman Gharib said the attackers also seized IP phone systems and may have overwritten storage on multiple vessels, creating weeks or months of recovery work per ship.
Show sources
- Hackers Lay in Wait, Then Knocked Out Iran Ship Comms — www.darkreading.com — 26.08.2025 00:10