European investigators are probing whether Russian military hackers breached computer systems on a vessel owned by MSC-Mediterranean Shipping Company SA, the world’s largest container shipping group, according to people familiar with the matter.
The ferry, operated by MSC’s Grandi Navi Veloci unit, was immobilized Saturday in the southern French port of Sète as it prepared to sail to Algeria, the people said. The vessel was held to allow French authorities to confirm that operational systems had not been compromised. It eventually departed Sunday morning.
A spokesperson for the Grandi Navi Veloci unit told Bloomberg the company detected and neutralized an intrusion attempt on one of its ferries. The inquiry involving French and Italian officials remains ongoing.
Authorities are examining whether the attempted intrusion is linked to Russia’s military intelligence agency, the GRU, according to people familiar with the investigation. While no public attribution has been made, that assessment is based on forensic analysis and overlaps in tools, techniques and procedures with activity described in public reporting by US agencies, including the FBI and the US’ Cybersecurity and Infrastructure Security Agency, the people said. They spoke on condition of anonymity to describe an ongoing inquiry.
The episode has heightened concern among security officials about the cybersecurity risks facing maritime transport, especially physical attempts by adversaries to access ships’ onboard networks for tampering and conducting long-term surveillance. MSC controls the world’s largest container fleet and plays a key role in global trade linking Europe, Asia and the US.
Such breaches pose a global security risk because maritime transport carries the vast majority of world trade. Hacks can ripple across supply chains, threaten critical infrastructure and expose sensitive military and commercial movements worldwide.
The outsiders in this case attempted to gain access to the ship’s office computer network, which would have enabled them to impersonate a legitimate user, according to the people. They didn’t reach operational systems such as navigation, propulsion or its Automatic Identification System, or AIS, the people said. Investigators said segregation between office and operational networks, along with the absence of remote access to critical controls, prevented lateral movement and ruled out sabotage or hijacking scenarios.
Grandi Navi Veloci’s spokesperson declined to comment on the level of access that hackers may have achieved.
The same ship had been previously targeted. In November, investigators found a Raspberry device, a concealed miniature computer no larger than a deck of cards, connected to a shipboard computer in a restricted-access area, the people said. That device was removed after triggering security alerts and later subjected to forensic analysis.
The latest incident involved a second Raspberry device, discovered last week and connected to a different onboard computer, the people said. As with the first, it was paired with a cellular modem, enabling remote access to the ferry’s internal computer network and external connections. The device remains under judicial seizure and has not yet been fully analyzed, the people said.
A spokesperson for the Kremlin didn’t immediately respond to a request for comment.
Investigators identified similarities in how the attackers established and maintained contact with external command-and-control servers, the structure of those connections and the behavior of files introduced into the target environment. Such patterns are consistent with operations previously attributed in public reporting to Russia’s GRU, including Unit 29155, they said.
Officials also suspect that a third Raspberry device may still be active aboard another vessel, according to people familiar with the investigation.
French media outlet Le Parisien previously reported that French intelligence services were investigating the discovery of spyware aboard the ferry and were considering a possible Russian link.
Was this article valuable?
Here are more articles you may enjoy.
Florida Jury Returns $779M Verdict for Family of Security Guard Killed at Gambling Cafe 
McKinsey Plots Thousands of Job Cuts in Slowdown for Consulting Industry 
North Carolina Sting Operation Alleges Roofer Damaged Shingles to File Claim 
After Years of Pushing Rate Hikes, Florida’s Citizens Now Wants HO Rate Decrease 
