Maritime Computer Emergency Response Team ADMIRAL dataset ADMIRAL dataset

Publicly disclosed information for this event

Index Number:
Title:
2020_012
Ports hit by cyberattack believed to be from state origin - operational capacities altered.
Day Month Year Country Activity Incident Type
9 May 2020 Iran, Islamic Republic of Port Intrusion

Summary

The victim, a critical port the country's southern coast experienced an unanticipated cessation in its operations. The computer systems that coordinated the traffic of vessels, goods, and trucks collectively malfunctioned, resulting in significant delays on water routes and access roads.

According to sources, officials publicly recognized that the port's computer systems had been compromised by a foreign cyberattack. Subsequent details suggest that the cyber intrusion was a significant offensive. This cyberattack could have been conducted in retaliation to a prior alleged attempt to breach other computer systems in the attacking country reported by the medias. The impacts of this attack would have been confirmed by satellite images showign traffic congestions leading to the port and numerous loaded container ships queued off the coast. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of Israel, although there has been no official acknowledgment from the Israeli side.

Victim

Port of Shahid Rajaee

Claimed/Reported Threat Actor

Israel

Origin

Political

Main impact

Availability

References

  1. https://www.zdnet.com/article/iran-reports-failed-cyber-attack-on-strait-of-hormuz-port/
  2. https://www.nytimes.com/2020/05/19/world/middleeast/israel-iran-cyberattacks.html
  3. https://www.washingtonpost.com/national-security/officials-israel-linked-to-a-disruptive-cyberattack-on-iranian-port-facility/2020/05/18/9d1da866-9942-11ea-89fd-28fb313d1886_story.html
  4. https://iranprimer.usip.org/blog/2023/may/03/report-iran-accelerates-cyberattacks
  5. https://www.youtube.com/watch?v=9XVIrXHtpeg

Recommendations to Port to reduce Intrusion risks:

  • Implement strong access controls and authentication mechanisms to limit unauthorized access, such as Multi Factor Authentication.
  • Regularly update and patch software and systems to address known vulnerabilities.
  • Use Network Intrusion Detection Systems (NIDS) to monitor and block suspicious activities.
  • Segment your network to limit lateral movement by attackers in case of a breach.
  • Educate your employees about phishing attacks and social engineering tactics to prevent credential theft.
Previous Next
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks.
Files generated on Monday, 11th December 2023.
ADMIRAL is licensed under the Creative Commons CC-BY-NC license. Copyright © France Cyber Maritime 2023.