The victim, a Greek shipping company, has shipping routes particularly in challenging waters like the Gulf of Aden, Somalia.
According to sources, between 2010 and 2011, this company experienced an unusually high number of successful (physical) piracy attacks while navigating through the Gulf of Aden. Upon investigation, it was uncovered that hackers, believed to be commissioned by pirates, infiltrated the company's systems. The primary aim of this unauthorized access was to obtain detailed ship routing plans, which enabled pirates to identify the most vulnerable ships and precisely time their passage through high-risk areas. After analysis, the breach's origin was traced back to Wi-Fi-enabled light bulbs, a recent addition to the company's office infrastructure.
It seems that the failure to change default credentials on these smart devices facilitated unauthorized access, leading to operational, financial, and reputational damages.