Maritime Computer Emergency Response Team ADMIRAL dataset ADMIRAL dataset

Publicly disclosed information for this event

Index Number:
Title:
2023_049
A shipping company's website is compromised and used in an attack in the context of a waterholing [...]
Day Month Year Country Activity Incident Type
18 April 2023 Israel Shipping Waterholing Attack

Summary

A shipping company's website is compromised and used in an attack in the context of a waterholing attack carried out by a reputed Iranian state actor.

Victim

SNY Cargo

Claimed/Reported Threat Actor

Iran

Origin

Political

Main impact

Confidentiality

References

  1. https://www.clearskysec.com/wp-content/uploads/2023/05/Fata-Morgana-Israeli-Websites-Infected-by-Iranian-Group-1.8.pdf

Recommendations to Shipping to reduce Waterholing Attack risks:

  • Educate employees about the risks of visiting untrusted websites and downloading content.
  • Implement network-level filtering to block access to known malicious websites.
  • Regularly update and patch web browsers and plugins to protect against exploits.
  • Use web isolation solutions to protect against malware infections from compromised websites.
  • Monitor network traffic for unusual patterns and unexpected connections to suspicious domains.
  • Check with your CSIRT organization the existence of such websites in your sector.
Previous Next
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks. Yes, there are no common and shared incident IDs in cyber (for now!).
Files generated on Thursday, 02nd November 2023.
ADMIRAL is licensed under the Creative Commons CC-BY-NC license. Copyright © France Cyber Maritime 2023.