Iranian oil tanker fleet paralyzed in alleged cyber attack
Hackers claim to have disrupted communications for 116 Iranian vessels, exposing vulnerabilities in the Iranian regime's maritime operations.
![Map showing locations of Iranian regime's merchant fleet reportedly affected by communications breach. [Lab Dookhtegan X account]](/gc3/images/2025/03/28/49772-lab-dookhtegan-post1-370_237.webp)
By Pishtaz
A cyber attack that targeted the Islamic Republic's merchant fleet on March 17 has crippled maritime communications and Tehran's ability to conduct oil sales and exports, according to the alleged perpetrators and security experts.
Iranian hacker group Lab Dookhtegan claims it carried out the attack, which it said disrupted communications on 116 vessels belonging to the National Iranian Tanker Company (NITC) and Islamic Republic of Iran Shipping Lines (IRISL).
"In an unprecedented move, we successfully disrupted the communication network of two Iranian companies that, among various terrorist activities, are responsible for supplying munitions to Houthis," the group said on social media.
The maritime communications breach is the Iranian regime's latest major security failure in recent months, following revelations about its shadow fleet operations and the destruction of proxy communication networks.
![Lab Dookhtegan claimed responsibility for disrupting communications on 116 Iranian vessels. [Lab Dookhtegan X account]](/gc3/images/2025/03/28/49773-Lab-Dookhtegan-tweet-370_237.webp)
Iran International has described it as "one of the largest cyber attacks against maritime operations in history."
While the attack cannot be independently verified, Lab Dookhtegan is a known group and experts consider its attack claims credible, according to The Maritime Executive and cybersecurity firm Cydome.
"The report is gaining wide media attention including in Iran," The Maritime Executive said, though neither government officials nor the shipping companies have commented.
The oil trading network was set up by the late Islamic Revolutionary Guard Corps Quds Force (IRGC-QF) commander Qassem Soleimani, according to Reuters.
The IRGC gets around half of Iran's oil export revenue, it said.
Critical vulnerabilities
The attack may have exploited critical vulnerabilities in the fleet's satellite systems, according to Cydome.
It likely targeted VSAT (Very Small Aperture Terminal) technology that the vessels depend on for external communications -- including possible breaches through factory-set passwords that were never updated, it said.
"Ship personnel can no longer communicate with one another, and their connection to the ports and outside world has been severed," Lab Dookhtegan said following the disruption.
Restoring full communications capabilities across the affected vessels could take weeks, it said.
The nature of the attack suggests extensive planning and advanced capabilities, involving automated deployment of malware or malicious commands across the fleet simultaneously, Cydome said.
The vessels now may be limited to traditional short-range radio systems for basic ship-to-ship and ship-to-shore communications, according to The Maritime Executive.
The timing coincides with heightened US military operations against the Iranian regime's proxies, the Houthis.
It also comes as the Iranian regime faces increased scrutiny over its maritime activities, including the use of "ghost fleets" to evade international sanctions.