Sunday, January 18, 2026

Ransomware Threat – APT Hackers Target Maritime and Shipping Sectors for Cyberattacks

The maritime industry, responsible for moving about 90% of global trade, has found itself in the crosshairs of cybercriminals and advanced persistent threat (APT) groups.

Over the past year, a sharp uptick in targeted cyberattacks has been documented, with more than 100 incidents attributed to APT operatives, financially motivated hackers, ransomware syndicates, and hacktivist groups.

Security experts warn that growing geopolitical conflicts have widened the attack surface, endangering vessel safety and the global supply chain.

Sophisticated Campaigns and Ransomware on the Rise

Recent incidents illustrate the industry’s exposure to both sophisticated espionage and financially motivated cybercrime.

In March 2025, the anti-Iranian group Lab Dookhtegan reportedly disrupted communications on 116 Iranian vessels, severing ship-to-port and inter-ship links via a targeted cyberattack during heightened Middle Eastern tensions.

Such operations highlight how maritime assets are being weaponized in response to ongoing military and political conflicts.

APT groups such as SideWinder (targeting ports from Egypt to Vietnam), China’s Mustang Panda (using USB-based attacks on cargo ship systems in Europe), and Russia’s APT28 (focused on NATO maritime supply chains) have all been active.

Notably, ransomware has taken center stage: groups leveraging ransomware toolkits have exfiltrated sensitive data, including ship blueprints and credentials, putting intellectual property and vessel operations at risk.

In addition to direct attacks, dark web marketplaces have seen a surge in the sale of sensitive information allegedly stolen from maritime organizations, ranging from internal documents and source code for critical submarine systems to port security credentials and technical manuals.

Critical Vulnerabilities Expose Industry Weaknesses

Industry-specific vulnerabilities remain a powerful tool for attackers.

Researchers have highlighted several entry points: Citrix NetScaler flaws (CVE-2025-5777 and CVE-2025-6543), which may affect ship-to-shore communications, and weaknesses in Schneider Electric’s EcoStruxure automation products (CVE-2024-2658) used on modern vessels.

Satellite and wireless communication devices such as COBHAM SAILOR VSAT and Cisco Aironet APs are also being targeted, threatening both navigation systems and port automation.

Vulnerabilities in diagnostic and configuration tools like Emerson ValveLink can directly impact ballast, fuel, and engine control, raising the risk of physical incidents due to cyber intrusion.

Strengthening Maritime Cybersecurity

To address this onslaught, CISO teams are urged to implement rigorous network isolation, restrict USB device usage, and separate operational networks from public-facing systems.

Maritime operators are advised to prioritize patch management, enforce multi-factor authentication, segment IT and OT environments, and comply with evolving regulations such as IACS UR E26/E27 and the NIS2 Directive.

With increasing evidence of ransomware and APT-driven campaigns, the maritime sector must rapidly evolve its cybersecurity strategies to safeguard regional stability and the resilience of global trade.
