{ "version": "https://jsonfeed.org/version/1", "title": "Advanced Dataset of Maritime Cybersecurity Incidents Releases for Literature", "home_page_url": "https://www.m-cert.fr/admiral", "feed_url": "https://www.m-cert.fr/admiral/admiral.json", "items": [ { "id": "1980_001", "title": "7/6/1980 - Ship - Malfunction (SE)", "content_html": "A ferry with a Gross Register Tonnage (GRT) of 10,000, measuring 72.2 m long and 28 m wide, commenced its maiden voyage from Sweden to Syria in May 1980. Owned by a Swedish company and loaded with a significant amount of cargo, its journey included stops in Gibraltar, Crete, and Athens.\nAccording to sources, as the ship sailed near Athens, it began experiencing steering problems, originating from a software error in its electronic ballast system. This error led to excess water being pumped into the ballast tanks. By the time it reached Larnaca, Cyprus, on 2 June 1980, the listing issue intensified. To prevent potential harbor obstruction, the vessel was towed about 1 km offshore.\n\nTragically, on 7 June 1980, the situation escalated, and the ship capsized approximately 1500 meters from Larnaca harbor. The consequence of this incident was the sinking of the vessel and a financial loss of an estimated £200 million in cargo.", "url": "https://www.m-cert.fr/admiral/1980_001.html", "date_published": "Fri, 06 Jun 1980 22:00:00 -0000" }, { "id": "1998_001", "title": "2/3/1998 - Defence - Denial of service (US)", "content_html": "The US Navy, with computers stationed at locations including Point Loma, California; Charleston, South Carolina; and Norfolk, Virginia, was reportedly affected by a widespread cyberattack targeting systems running the Microsoft Windows NT and Windows 95 operating systems. This "denial of service" event was part of a larger assault that impacted numerous entities throughout the US.\nComputers potentially experienced system crashes between 8:30 and 10 p.m. on Monday, March 2nd. These crashes might have manifested as either error messages or blank screens. Multiple users could have interpreted these interruptions as standard system hiccups or potential power glitches. The alleged attack, described as a variant of the "teardrop" technique, involved sending distorted data packets to targeted machines. Trying to decipher these misleading packets, the computers might have been led to use up excessive memory, ultimately causing system failures. This modified version of the attack seemed to facilitate targeting a vast array of computers simultaneously.\nWhile the exact fallout from the attack on the Navy's operations at the aforementioned locations remains speculative, the cyber incident could have presented significant disruptions. The events were likely seen in a serious light, potentially wasting precious time and hampering Navy personnel in their tasks.", "url": "https://www.m-cert.fr/admiral/1998_001.html", "date_published": "Sun, 01 Mar 1998 23:00:00 -0000" }, { "id": "1999_001", "title": "1999 - Defence - Intrusion (US)", "content_html": "In 1999, a UK citizen confessed to illegally accessing U.S. Navy computer systems and was further suspected of infiltrating other state information systems. To address this incident, the U.S. Federal Bureau of Investigation (FBI) closely collaborated with New Scotland Yard in the UK. As a consequence of these intrusions, the individual was handed a sentence equivalent to three years on a probationary status.", "url": "https://www.m-cert.fr/admiral/1999_001.html" }, { "id": "2001_001", "title": "2001 - Port - Denial of service (US)", "content_html": "The Port of Houston in Texas ranks as the world's eighth-busiest maritime facility. It manages vast quantities of cargo, notably containers, and is also involved in significant passenger movements, serving as a major hub in the maritime sector.\n\nAccording to sources, the port experienced a distributed denial-of-service (DDoS) attack in August 2001, leading to potential disruptions in its operations.\n\nWhile the exact operational impact remains unclear, reports indicate that a U.S. citizen was subsequently convicted in relation to this cyber event.", "url": "https://www.m-cert.fr/admiral/2001_001.html" }, { "id": "2001_002", "title": "20/9/2001 - Port - Denial of service (US)", "content_html": "The Port of Houston in Texas ranks as the world's eighth-busiest maritime facility. It manages vast quantities of cargo, predominantly containers, and also facilitates significant passenger movements, serving as a central hub in the maritime sector.\n\nAccording to sources, on the evening of September 20 (Central Standard Time), there was a disruption in the port's network. Essential navigational data, such as tides, water depths, and weather information, might have become unavailable. A British teenager is believed to have initiated this disruption, allegedly in retaliation against a chat-room user over anti-American remarks. Subsequent investigations reportedly led to a DDoS attack tool being identified on the teenager's computer. However, the teenager was later freed of all charges during the trial.\n\nIf the sources are accurate, while the cyberattack may not have resulted in physical damage, it could have disrupted operations. It's also noteworthy that, based on reports, the Port of Houston had faced a DDoS attack in August 2001, leading to another individual's conviction.", "url": "https://www.m-cert.fr/admiral/2001_002.html", "date_published": "Wed, 19 Sep 2001 22:00:00 -0000" }, { "id": "2002_001", "title": "1/4/2002 - Defence - Intrusion (US)", "content_html": "A group of hackers managed to penetrate the computer systems of the U.S. Navy's command and other entities. They defaced the U.S. Navy's website to highlight security vulnerabilities. A defense contractor, developing a website for the U.S. Navy, shut down its network after the hackers accessed employee passwords. The website pages were also defaced, information was made public, and messages claimed the action under the name "Dynamic Duo".", "url": "https://www.m-cert.fr/admiral/2002_001.html", "date_published": "Sun, 31 Mar 2002 22:00:00 -0000" }, { "id": "2002_002", "title": "2/12/2002 - Offshore - Intrusion (VE)", "content_html": "The national oil company of Venezuela is a major entity responsible for a substantial portion of the country's economic activity and its contribution to local and world's oil supply.\nAccording to sources, during national strike movement, an intrusion targeted OT systems of the company, as well as centrally controlled operations. An major impact would have been Programmable Logic Controllers (PLCs) at a port facility being wiped out.\nDue to the intrusion, Venezuela's oil production faced a significant decline, dropping from 3 million barrels per day (BPD) to just 300 thousand BPD. Oil production had to be stopped during eight hours, a tanker waiting in the port could not be provided with oil, and PLCs had to be reinstalled.", "url": "https://www.m-cert.fr/admiral/2002_002.html", "date_published": "Sun, 01 Dec 2002 23:00:00 -0000" }, { "id": "2003_001", "title": "10/7/2003 - Defence - Website Compromission (US)", "content_html": "According to sources, during the U.S.-led invasion of Iraq, certain websites associated with the U.S. Navy were allegedly compromised in cyber intrusions. The disruptions appear to have targeted the main online interfaces of these platforms. The enquiry showed that the activities had been conducted by a hacker named "DKD", who, purportedly, replaced website home pages with political slogans.\n\nAlthough there might not have been direct operational consequences, such events can influence public trust and perception. Legal ramifications for the involved individual could include a potential prison term of up to three years and a financial penalty nearing $50,850.", "url": "https://www.m-cert.fr/admiral/2003_001.html", "date_published": "Wed, 09 Jul 2003 22:00:00 -0000" }, { "id": "2006_001", "title": "6/11/2006 - Defence - Intrusion (US)", "content_html": "The victim, recognized as the nation's premier center for strategic thought and national security policy development for the Navy, serves a diverse student body. The institution has 581 students, including officers from various military branches such as the Army, Air Force, Coast Guard and Marines, as well as civilians and international attendees.\n\nAccording to sources, around November 16, an intrusion into the computer network at a renowned naval academic institution was detected by the Navy Cyber Defense Operations Command. The compromised system, primarily used by the institution's students, was unclassified.\n\nIn response to the breach, the institution's network, including its email and website, has been offline for over two weeks. While the exact timeline for its restoration remains uncertain, measures were taken to enhance the network's defenses, including upgrading firewalls. An investigation was conducted to determine the full extent of the intrusion, with officials abstaining from speculating on potential suspects.", "url": "https://www.m-cert.fr/admiral/2006_001.html", "date_published": "Sun, 05 Nov 2006 23:00:00 -0000" }, { "id": "2008_001", "title": "1/5/2008 - Offshore - Intrusion (US)", "content_html": "The victim, a leading drilling firm, relies on sophisticated computer systems which are essential for offshore operations, including remote telemetry and leak detection.\n\nAccording to sources, after the termination of his contract in May 2008, a former IT consultant with the company allegedly accessed its communication system without authorization. This system, which the consultant had previously set up, ensured communication between the company's onshore offices and offshore oil platforms. The unauthorized intrusion had an important impact on integrity and availability, causing significant financial losses.\n\nThough the company temporarily lost control of its telemetry systems, there were no consequent oil leaks or environmental hazards. The investigations identified evidence pointing to the consultant's involvement. If found guilty, he could be charged with potential penalties reaching up to ten years in prison.", "url": "https://www.m-cert.fr/admiral/2008_001.html", "date_published": "Wed, 30 Apr 2008 22:00:00 -0000" }, { "id": "2009_001", "title": "12/1/2009 - Defence - Virus/Ransomware (FR)", "content_html": "According to sources, the French military's computer systems faced significant challenges from the malicious code known as Downadup/Conficker at that time. This malware, first detected in November 2008, exploits vulnerabilities in Windows systems. Downadup/Conficker was capable of dynamically altering its digital signature, effectively evading detection by many antivirus solutions. This worm could also lock out user accounts, seek passwords, block antivirus updates, hinder access to Windows Update, and even spread through the auto-run feature of USB drives. By January 12, 2009, the French Navy's internal network, Intramar, which is responsible for transmitting most digital data, was compromised by this malware. The spread was significant enough that certain operational systems had to be halted.\n\nIn response to the infection, the French military took drastic measures. Internet access was severed, and the use of USB drives was temporarily banned. The likely origin of the infection was believed to be direct or indirect web connections, possibly via USB drives or laptops, of "closed networks" – computers meant to be isolated from external access. This incident underlined the difficulties to maintain a large number of Windows assets up to date at that time.", "url": "https://www.m-cert.fr/admiral/2009_001.html", "date_published": "Sun, 11 Jan 2009 23:00:00 -0000" }, { "id": "2010_001", "title": "2010 - Offshore - Virus/Ransomware (KR)", "content_html": "According to sources, in 2010, a major player in the offshore rigging sector had an offshore rig suffered a comprehensive malware attack. The event occured when the rig leaf the construction yard in South Korea for its production site in Latin America (probably Brazil). The malicious software managed to infiltrate essential controls, including offline safety mechanisms.\n\nThe malware's infiltration had a severe operational impact, forcing the rig to shut down for 19 days. Considering the high day-to-day operational costs of such rigs, even if it was not in production, substantial financial losses of over 10 million dollars could have been reached.", "url": "https://www.m-cert.fr/admiral/2010_001.html" }, { "id": "2010_002", "title": "2010 - Shipowner - Intrusion (GR)", "content_html": "The victim, a Greek shipping company, has shipping routes particularly in challenging waters like the Gulf of Aden, Somalia.\n\nAccording to sources, between 2010 and 2011, this company experienced an unusually high number of successful (physical) piracy attacks while navigating through the Gulf of Aden. Upon investigation, it was uncovered that hackers, believed to be commissioned by pirates, infiltrated the company's systems. The primary aim of this unauthorized access was to obtain detailed ship routing plans, which enabled pirates to identify the most vulnerable ships and precisely time their passage through high-risk areas. After analysis, the breach's origin was traced back to Wi-Fi-enabled light bulbs, a recent addition to the company's office infrastructure.\n\nIt seems that the failure to change default credentials on these smart devices facilitated unauthorized access, leading to operational, financial, and reputational damages.", "url": "https://www.m-cert.fr/admiral/2010_002.html" }, { "id": "2010_003", "title": "23/8/2010 - Defence - GPS/AIS jamming/spoofing (KR)", "content_html": "According to sources, for 4 days during August 2010, North Korea jammed GPS frequencies, impacting 1 Navy ship.", "url": "https://www.m-cert.fr/admiral/2010_003.html", "date_published": "Sun, 22 Aug 2010 22:00:00 -0000" }, { "id": "2011_001", "title": "1/5/2011 - Defence - Intrusion (US)", "content_html": "According to sources, a "hacker", identifying as "sl1nk", claimed to have gained significant unauthorized accesses within the systems of several military and governmental agencies, amongst which the Navy. The "hacker" also alleged possession of thousands of sensitive documents.", "url": "https://www.m-cert.fr/admiral/2011_001.html", "date_published": "Sat, 30 Apr 2011 22:00:00 -0000" }, { "id": "2011_002", "title": "1/8/2011 - Shipowner - Data leak (IR)", "content_html": "According to sources, in August 2011, the victim was targeted by an advanced cyber attack. The spread and depth of the attack gave indications that the attack may be state-sponsored. Though details about the specific attackers remain unclear, the nature of the attack aligns with activities seen in other high-profile intrusion sets.\nWhile the entity acknowledged the compromise of some data, they stressed that no company-classified details leaked. They were able to recover the deleted information. However, the incident did inflict significant damage, both operationally and in terms of the pressure it placed on the organization.", "url": "https://www.m-cert.fr/admiral/2011_002.html", "date_published": "Sun, 31 Jul 2011 22:00:00 -0000" }, { "id": "2011_003", "title": "11/8/2011 - Industry - Intrusion (JP)", "content_html": "The victim is Japan's largest defense contractor. The company is known for producing missiles, aicraft parts as well as naval assets.\n\nAccording to sources, the company revealed that hackers had infiltrated its computer systems. The target of this intrusion seems to have been their submarine, missile, and nuclear power plant component factories. Around 80 virus-compromised computers were discovered at multiple locations, including their Tokyo headquarters and various manufacturing and R&D sites. Notably, the attack corresponds to activities associated with cyber threats that other global defense contractors, amongst others in the U.S., faced around that time.\n\nWhile the company spokesman emphasized that crucial data related to products or technologies remained secure, there was an admission that certain system information like IP addresses had been leaked. There's a potential, though considered minimal, for further information breaches. Various computer viruses, including the Trojan horse which is known for stealing vital information, were identified within its primary offices and production locations.\n\n\n\n\n\n", "url": "https://www.m-cert.fr/admiral/2011_003.html", "date_published": "Wed, 10 Aug 2011 22:00:00 -0000" }, { "id": "2011_004", "title": "13/12/2011 - Port - Intrusion (NL)", "content_html": "According to sources, on the night of 13 to 14 December 2011, there was a system outage affecting the Tax and Customs Administration's computer system, a critical system for reporting import and export goods and allowing the logistic procedures to follow smoothly.\nAs a result of the system's unavailability, ships and trucks were immobilized, causing business transactions and movements within the port to be temporarily suspended.", "url": "https://www.m-cert.fr/admiral/2011_004.html", "date_published": "Mon, 12 Dec 2011 23:00:00 -0000" }, { "id": "2011_005", "title": "2011 - Port - Physical hijack (NL)", "content_html": "Ports are using IT systems to monitor and manage the movement of containers and the goods they transport. A notorious drug-smuggling operation was revealed, showcasing the potential links between cybercrime and drug trafficking. A group of traffickers commissioned "hackers" to penetrate these systems. The cyberattack aimed to ascertain the exact locations of containers, making it possible for the traffickers to discreetly retrieve narcotics mixed with genuine cargo.\n\nAccording to sources, the operation unfolded over two years, starting with hackers sending malicious software via emails to staff. This was followed by more advanced methods like breaking into the premises to install key-logging devices. This modus operandi permitted them to monitor keystrokes and screen activity. While the total volume of drugs transported remains undetermined, a significant seizure included over a tonne of cocaine, worth around €130m, a suitcase containing €1.3M. A separate event that drew attention was an attack on a lorry driver, unrelated to the conspiracy, who was mistakenly believed to have transported a container filled with cocaine.\n\nThe port also had to pays amounts to compensate for the loss of containers, and to strengthen its security measures.", "url": "https://www.m-cert.fr/admiral/2011_005.html" }, { "id": "2011_006", "title": "4/3/2011 - Ship - GPS/AIS jamming/spoofing (KR)", "content_html": "According to sources, for 11 days during March 2011, North Korea jammed GPS frequencies, impacting 10 ships in South Korea.", "url": "https://www.m-cert.fr/admiral/2011_006.html", "date_published": "Thu, 03 Mar 2011 23:00:00 -0000" }, { "id": "2012_001", "title": "1/8/2012 - Offshore - Virus/Ransomware (SA)", "content_html": "According to sources, the company's systems were compromised by a destructive malware designed explicitly for 32-bit NT kernel versions of Microsoft Windows. This malware, known as Shamoon, spread from one infected machine to other networked computers. Once a system was infiltrated, the malware compiled lists of files, relayed them to the attacker, and subsequently deleted them. The virus culminated its attack by overwriting the Master Boot Record (MBR), rendering the infected computer non-operational. The attack was claimed by a group called "Cutting Sword of Justice".\nThe consequences of the cyber intrusion were significant, deeply affecting the victim's operational capabilities. An estimated 30,000 workstations were impacted, necessitating the company to devote over a week for service restoration. This event had cascading effects on the global market: the company's sudden and vast procurement of hard drives led to a notable hike in their market prices. Additionally, the public faced gasoline shortages as a direct result of the attack.", "url": "https://www.m-cert.fr/admiral/2012_001.html", "date_published": "Tue, 31 Jul 2012 22:00:00 -0000" }, { "id": "2012_002", "title": "1/9/2012 - Defence - Spearphishing (US)", "content_html": "According to sources, the victim faced cyber intrusions starting in 2009, with the deployment of the Hydraq (Aurora) Trojan horse being a prominent method. Over the subsequent years, the attackers systematically exploited several zero-day vulnerabilities, notably on Adobe and Microsoft products (CVE-2012-0779, CVE-2012-1875, CVE-2012-1889 and CVE-2012-1535). The Tactics, Techniques, and Procedures (TTPs) of the attacks seem to correspond with activities reputed of a group associated with the "Elderwood Platform." Furthermore, there was a noticeable shift in their methods, with an increase in "watering hole" techniques, compromising specific websites expected to be visited by targets.\nThe repercussions of these incidents for the victim could be multifaceted. Operational disturbances might have arisen due to the deployment of the mentioned zero-day vulnerabilities, potentially jeopardizing sensitive intellectual property. These intrusions might have also facilitated unauthorized access to top-tier defense contractors by using the victim as an intermediary. Given the escalated use of "watering hole" attacks, a vast amount of data may have been at risk, though the specifics on the type and extent of data remain uncertain.\n", "url": "https://www.m-cert.fr/admiral/2012_002.html", "date_published": "Fri, 31 Aug 2012 22:00:00 -0000" }, { "id": "2012_003", "title": "2012 - Port - Intrusion (AU)", "content_html": "The victim is responsible for customs and border protection in Australia. They operate a cargo system that monitors and manages the flow of goods in and out of the country.\nAccording to sources, in 2012, a cyber intrusion occurred within the Australian Custom and Border Protection cargo system. An individual gained unauthorized access to the system, allowing them to monitor the movement of specific cargo items.\nUtilizing the unauthorized access, the individual could discern when certain containers were flagged by the system as suspicious. This knowledge enabled the attacker to smuggle drugs into the country, as they could abandon containers marked for inspection, effectively evading detection by the authorities.", "url": "https://www.m-cert.fr/admiral/2012_003.html" }, { "id": "2012_004", "title": "21/4/2012 - Organisation - Virus/Ransomware (DK)", "content_html": "The victim plays a central role in Denmark's governmental infrastructure, holding sensitive information on the nation's shipping companies and merchant navy.\nAccording to sources, in April 2012, a foreign state-sponsored cyber intrusion targeted the Danish Maritime Authority, other ministries, and companies of the private sector. The so-called "highly sophisticated attack" first used a phishing technique where a malicious virus was embedded in a PDF document attached to an email. When an unsuspecting employee of the Maritime Authority opened this compromised attachment, it granted the hackers back-door access to not only that particular computer but also an additional 13 PCs, several servers, and the larger Maritime Authority's network. The Danish authorities remained unaware of the security breach until files from the Maritime Authority were detected on a foreigh server, known to be under hacker control. This discovery led to the identification of the compromised files, which originated from the Maritime Authority employee's computer that had been infected through the virus email attachment.\nThere was a disclosure of sensitive business information. As a countermeasure, the Danish authorities shut down the compromised system and surrounding assets for several days. Only after implementing new anti-virus programs was the system reactivated. Several sources in Denmark underlined the attack as similar to Chinese-reputed Tactics, Techniques and Procedures (TTPs).\n\n\n\n\n\n\n\n\n\n\n", "url": "https://www.m-cert.fr/admiral/2012_004.html", "date_published": "Fri, 20 Apr 2012 22:00:00 -0000" }, { "id": "2012_005", "title": "10/10/2012 - Offshore - Intrusion (IR)", "content_html": "According to sources, the victim's offshore oil and gas platforms' communication networks have been targeted by cyber attackers in recent weeks. The head of information technology for a key oil company in the country confirmed the cyber-attack attempts on the offshore platforms' information networks. The attacks have been repelled, and the telephone operations on the platforms and other oil and gas operations in a critical gulf region are reported to be functioning normally.", "url": "https://www.m-cert.fr/admiral/2012_005.html", "date_published": "Tue, 09 Oct 2012 22:00:00 -0000" }, { "id": "2012_006", "title": "28/4/2012 - Defence - GPS/AIS jamming/spoofing (KR)", "content_html": "As well as other countries, South Korea heavily relies on GPS navigation for various sectors including aviation, maritime, and road transport. The country has previously faced similar electronic disruptions in the years 2010 and 2011.\nAccording to sources, from late April to early May, large coordinated cyber disturbances, which are believed to originate from North Korea, emitted electronic jamming signals affecting GPS navigations. These disruptions influenced passenger aircraft, ships, and car navigation systems. Signals were pinpointed coming from the direction of Kaesong, a location approximately 10 kilometers from the inter-Korean border and about 50 kilometers from key areas such as Seoul. Historical data suggests that past jamming incidents coincided with U.S.-South Korea joint military exercises and lasted for a duration of up to 10 days.\nWhile no immediate accidents, casualties, or fatalities were reported despite jammed navigation signals affecting 337 commercial flights and 122 ships, amongst which a ferry with 287 souls on board and an oil tanker.", "url": "https://www.m-cert.fr/admiral/2012_006.html", "date_published": "Fri, 27 Apr 2012 22:00:00 -0000" }, { "id": "2012_007", "title": "2012 - Offshore - Virus/Ransomware (IR)", "content_html": "A cyberattack on a primary oil terminal resulted in data being wiped from hard drives. While both "virus" and "worm" were terms used to describe the attack, the impact was significant, affecting multiple oil facilities. The main Kharg Island oil terminal, crucial for the nation's crude exports, was disconnected from the Internet to mitigate the attack's spread.\nAccording to sources, despite this, oil production and exports remained undisturbed, even if several oil-linked institution websites went down, it is unclear whether this was due to the attack or a preventive measure to isolate them and prevent further infection or intrusion.", "url": "https://www.m-cert.fr/admiral/2012_007.html" }, { "id": "2012_008", "title": "2012 - Defence - Intrusion (DE)", "content_html": "The group is victim of a cyberattack described as “heavy” and of an “exceptional quality”.", "url": "https://www.m-cert.fr/admiral/2012_008.html" }, { "id": "2012_009", "title": "2012 - Defence - Intrusion (US)", "content_html": "According to sources, starting in August 2012 and for a duration of four months, a group with Tactics, Techniques and Procedures reputed as Iran conducted an intrusion into the US Navy's unclassified administrative network (800 000 users, 2500 sites), during a wider operation called Operation Cleaver. The attackers would have exploited a vulnerability on a public-facing website before pivoting onto the intranet.\nSources report that no data was stolen in the attack but that, however, $10 M were necessary to repair the damages caused by the attack.", "url": "https://www.m-cert.fr/admiral/2012_009.html" }, { "id": "2013_001", "title": "2013 - Offshore - Virus/Ransomware (US)", "content_html": "According to sources, a Mobile Offshore Drilling Unit (MODU) in the Gulf of Mexico off the coast of Texas was compromised by malicious software downloaded by offshore oil workers through various sources which could have been direct satellite connections, laptops, or USB drives contaminated onshore.\nThe infection had an impact on the Operational Technology (OT) of the MODU, and especially on the operational status of the Dynamic Positioning system (DP), causing the MODU to drift from the dwelling site. The Blow Out Preventer (BOP) kicked in and shut down the drilling, preventing environmental risk.\nWhile some sources mention multiple infections on several offshore platforms, the US Coast Guard commander only mentions one MODU impacted.", "url": "https://www.m-cert.fr/admiral/2013_001.html" }, { "id": "2013_002", "title": "2013 - Port - GPS/AIS jamming/spoofing (US)", "content_html": "In 2013, without the precise day, month, or port publicly known, a GPS anomaly (probably jamming) impacted four automated cranes for more than seven hours. The operational capacities of two additional cranes were also impacted.", "url": "https://www.m-cert.fr/admiral/2013_002.html" }, { "id": "2013_003", "title": "17/1/2013 - Defence - Human error (US)", "content_html": "The ship was a mine countermeasures ship, part of the Avenger-class in the United States Navy, 68m long and 12m wide. She was built in the mid-1980s.\n\nAccording to sources, in January 2013, after a port of call, the vessel ran aground on a protected reef in the Philippines during a transit. Discrepancies in Electronic Navigational Chart (ENC) mislocated the reef, playing a significant role in the mishap.\n\nThe grounding of the ship on the reef had substantial implications. Due to challenges in recovery and risks of further reef damage, the ship was decommissioned a month post the incident. Measures to minimize environmental impact included segmenting the ship into pieces and removing it section by section. The incident led to the U.S. compensating the Philippines for reef damages and associated costs. The U.S. Navy ultimately decided to scrap the vessel, for an estimated cost of $277 million.", "url": "https://www.m-cert.fr/admiral/2013_003.html", "date_published": "Wed, 16 Jan 2013 23:00:00 -0000" }, { "id": "2013_004", "title": "1/3/2013 - Industry - Virus/Ransomware (US)", "content_html": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "url": "https://www.m-cert.fr/admiral/2013_004.html", "date_published": "Thu, 28 Feb 2013 23:00:00 -0000" }, { "id": "2013_005", "title": "27/5/2013 - Defence - Intrusion (US)", "content_html": "The U.S. defense sector was targeted by an attack which seems to have concerned sensitive programs such as naval ships, missiles and sensors.\nAccording to sources, designs for a multitude of advanced weapons systems were breached. The exact timeline and breadth of these breaches remain undisclosed. The attack corresponds to activities associated with an intrusion set that many knowledgeable officials link to a larger espionage campaign.\n\n\n\n", "url": "https://www.m-cert.fr/admiral/2013_005.html", "date_published": "Sun, 26 May 2013 22:00:00 -0000" }, { "id": "2013_006", "title": "1/9/2013 - Shipyard - Virus/Ransomware (KR)", "content_html": "According to sources, a new Advanced Persistent Threat (APT) group dubbed "Icefog" was detected, targeting maritime actors such as shipyards and naval defence industry. The main maritime targets publickly disclosed were located in South Korea, and in the US for one undisclosed Oil and Gas corporation.\nThe initial spearphishing attacks mostly used Microsoft Office and Java exploits. The specialized backdoor named "Icefog" (or "Fucobha") was compatible with both Windows and Mac OS X platforms. The attackers were able to gain access to sensitive documents and plans, as well as emails credentials.\nOver 4,000 machines were detected infected at a global level. Though the majority of these were in Asia, and in Korea for the maritime and naval sector, a significant number of undisclosed targets were also traced back to the USA, Europe, and Australia.", "url": "https://www.m-cert.fr/admiral/2013_006.html", "date_published": "Sat, 31 Aug 2013 22:00:00 -0000" }, { "id": "2013_007", "title": "2013 - Port - Denial of service (US)", "content_html": "A research paper linking to a now vanished article (that I found back on web.archive.org) mentions the possibility that the victim port would have been victim of a "large scale" Distributed Denial of Service attack in 2013.\nThe port mentioned, in other available studies, that it had to face at that date one million hacking attempts a day and two to three so-called "cyber storms" a year.", "url": "https://www.m-cert.fr/admiral/2013_007.html" }, { "id": "2013_008", "title": "1/3/2013 - Industry - Virus/Ransomware (DE)", "content_html": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "url": "https://www.m-cert.fr/admiral/2013_008.html", "date_published": "Thu, 28 Feb 2013 23:00:00 -0000" }, { "id": "2013_009", "title": "1/3/2013 - Industry - Virus/Ransomware (SE)", "content_html": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "url": "https://www.m-cert.fr/admiral/2013_009.html", "date_published": "Thu, 28 Feb 2013 23:00:00 -0000" }, { "id": "2013_010", "title": "1/3/2013 - Industry - Virus/Ransomware (GB)", "content_html": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "url": "https://www.m-cert.fr/admiral/2013_010.html", "date_published": "Thu, 28 Feb 2013 23:00:00 -0000" }, { "id": "2013_011", "title": "1/3/2013 - Industry - Virus/Ransomware (AU)", "content_html": "According to the source, between 2012 and 2013, a group attacked civilan and military operations in the US, Germany, Sweden, UK, Australia and other countries involved in maritime satellite systems, as well as defense contractors.", "url": "https://www.m-cert.fr/admiral/2013_011.html", "date_published": "Thu, 28 Feb 2013 23:00:00 -0000" }, { "id": "2013_012", "title": "1/9/2013 - Offshore - Virus/Ransomware (US)", "content_html": "According to sources, a new Advanced Persistent Threat (APT) group dubbed "Icefog" was detected, targeting maritime actors such as shipyards and naval defence industry. The main maritime targets publickly disclosed were located in South Korea, and in the US for one undisclosed Oil and Gas corporation.\nThe initial spearphishing attacks mostly used Microsoft Office and Java exploits. The specialized backdoor named "Icefog" (or "Fucobha") was compatible with both Windows and Mac OS X platforms. The attackers were able to gain access to sensitive documents and plans, as well as emails credentials.\nOver 4,000 machines were detected infected at a global level. Though the majority of these were in Asia, and in Korea for the maritime and naval sector, a significant number of undisclosed targets were also traced back to the USA, Europe, and Australia.", "url": "https://www.m-cert.fr/admiral/2013_012.html", "date_published": "Sat, 31 Aug 2013 22:00:00 -0000" }, { "id": "2014_001", "title": "2014 - Logistics - Scam (US)", "content_html": "Bunkering companies are high value targets for scammers. Handling worldwide money transactions in exchange for fuel bunkering, vulnerable procedures (lack of double check with alternative mean, for instance) or low awareness can lead to important financial consequences.\nAccording to sources, in this case, the attackers impersonated the seller and sent emails requesting payment to be made to a different bank account. The funds were sent into the scammer's bank account.\nThe victim was taken to court by its insurer, the cost of the scam for the bunkering company was evaluated to a $18 million loss.", "url": "https://www.m-cert.fr/admiral/2014_001.html" }, { "id": "2014_002", "title": "1/7/2014 - Logistics - Intrusion (US)", "content_html": "Compromised logistics bar code scanner caused cyber attack on internal network.", "url": "https://www.m-cert.fr/admiral/2014_002.html", "date_published": "Mon, 30 Jun 2014 22:00:00 -0000" }, { "id": "2014_003", "title": "2014 - Ship - GPS/AIS jamming/spoofing (XX)", "content_html": "A report underlines that 1% of all ships provide false identification information in their AIS data and 25% disable their AIS transmission.", "url": "https://www.m-cert.fr/admiral/2014_003.html" }, { "id": "2014_004", "title": "2014 - Logistics - Scam (CA)", "content_html": "The victim is a Canadian company engaged in mineral exploration and the development of seafloor copper, gold, silver, and zinc mining projects. They have affiliations with a Dubai-based marine solutions company and were in the process of providing a charterer's guarantee for an offshore project.\nAccording to sources, there was an incident in which the victim mistakenly made a $10-million deposit into an unauthorized account instead of to the Dubai-based company. This occurred during late November 2014, and the discovery of the error was made in December.\nUpon realization, the situation was promptly reported to authorities and an investigation was launched. The company has collaborated with its Dubai-based partner to find a resolution. Furthermore, both entities will decide on the steps to take regarding the misdirected funds once the investigation concludes, which is anticipated to span several months. Meanwhile, the ongoing construction of the related vessel remains unaffected.", "url": "https://www.m-cert.fr/admiral/2014_004.html" }, { "id": "2015_001", "title": "1/10/2015 - Education - Website Compromission (US)", "content_html": "Website defacement.", "url": "https://www.m-cert.fr/admiral/2015_001.html", "date_published": "Wed, 30 Sep 2015 22:00:00 -0000" }, { "id": "2015_002", "title": "1/12/2015 - Shipowner - Scam (CA)", "content_html": "Scam on the delivery of a new ship.", "url": "https://www.m-cert.fr/admiral/2015_002.html", "date_published": "Mon, 30 Nov 2015 23:00:00 -0000" }, { "id": "2015_003", "title": "2015 - Defence - Intrusion (US)", "content_html": "Defence contractors hit by 50 intrusions.", "url": "https://www.m-cert.fr/admiral/2015_003.html" }, { "id": "2015_004", "title": "2015 - Offshore - Intrusion (NO)", "content_html": "Over 50 intrusion on the offshore petrol and gaz sector.", "url": "https://www.m-cert.fr/admiral/2015_004.html" }, { "id": "2015_005", "title": "2015 - Offshore - Virus/Ransomware (US)", "content_html": "Offshore mobile drilling unit hit by a virus", "url": "https://www.m-cert.fr/admiral/2015_005.html" }, { "id": "2015_006", "title": "2015 - Shipowner - Spearphishing (CY)", "content_html": "Shipowner spearphished. False Wiring transferts orders scam.", "url": "https://www.m-cert.fr/admiral/2015_006.html" }, { "id": "2015_007", "title": "1/10/2015 - MRE - Virus/Ransomware (FR)", "content_html": "MRE company computer hit by ransomware.", "url": "https://www.m-cert.fr/admiral/2015_007.html", "date_published": "Wed, 30 Sep 2015 22:00:00 -0000" }, { "id": "2015_008", "title": "1/12/2015 - Shipowner - Intrusion (US)", "content_html": "A device containing personal data about mariners is declared lost.", "url": "https://www.m-cert.fr/admiral/2015_008.html", "date_published": "Mon, 30 Nov 2015 23:00:00 -0000" }, { "id": "2016_001", "title": "2016 - Logistics - Spearphishing (US)", "content_html": "Agent company email accounts spearphished. False Wiring transfers orders scam. 18M$ loss.", "url": "https://www.m-cert.fr/admiral/2016_001.html" }, { "id": "2016_002", "title": "2016 - Logistics - Spearphishing (US)", "content_html": "Charterer email accounts spearphished. Financial impact.", "url": "https://www.m-cert.fr/admiral/2016_002.html" }, { "id": "2016_003", "title": "2016 - Shipowner - Intrusion (US)", "content_html": "Shipping company hit by pirates locating valuables.", "url": "https://www.m-cert.fr/admiral/2016_003.html" }, { "id": "2016_004", "title": "2016 - Port - Denial of service (US)", "content_html": "A US major port is victim of a Denial of Service (DoS) attack.\nAccording to the sources, the Tactics, Techniques and Procedures (TTPs) used link to method of attacks claimed to be from Russia.\nOnly the administrative website of the port would have been targeted, without any proven impact on the port’s OT systems.", "url": "https://www.m-cert.fr/admiral/2016_004.html" }, { "id": "2016_005", "title": "2/3/2016 - Organisation - Intrusion (GB)", "content_html": "An anti-piracy organisation may have be hit by a cyberattack.", "url": "https://www.m-cert.fr/admiral/2016_005.html", "date_published": "Tue, 01 Mar 2016 23:00:00 -0000" }, { "id": "2016_006", "title": "1/4/2016 - Shipyard - Intrusion (KR)", "content_html": "Shipyard hit by a cyberattack. Data leak.", "url": "https://www.m-cert.fr/admiral/2016_006.html", "date_published": "Thu, 31 Mar 2016 22:00:00 -0000" }, { "id": "2016_007", "title": "1/4/2016 - Ship - GPS/AIS jamming/spoofing (KR)", "content_html": "280 ships hit by GPS issue sail back to port.", "url": "https://www.m-cert.fr/admiral/2016_007.html", "date_published": "Thu, 31 Mar 2016 22:00:00 -0000" }, { "id": "2016_008", "title": "11/8/2016 - Shipyard - Intrusion (DE)", "content_html": "The victim, a major conglomerate in Germany with activities spanning steel production to marine systems, reportedly became the target of a cyber intrusion.\nAccording to sources, earlier this year, technical trade secrets from the conglomerate's steel production and plant design divisions were compromised. Internal security measures identified the breach in April, linking it back to incidents from February. The attack corresponds to activities associated with unidentified attackers, their Tactics, Techniques and Procedures however linking them to what is analyzed as southeast Asia.\nPost-discovery, it was confirmed that the marine systems unit, a segment crucial for military submarine and warship production, remained untouched. The true extent of intellectual property loss is still undetermined.", "url": "https://www.m-cert.fr/admiral/2016_008.html", "date_published": "Wed, 10 Aug 2016 22:00:00 -0000" }, { "id": "2016_009", "title": "24/8/2016 - Shipyard - Data leak (FR)", "content_html": "Data leak concerning naval contracts.", "url": "https://www.m-cert.fr/admiral/2016_009.html", "date_published": "Tue, 23 Aug 2016 22:00:00 -0000" }, { "id": "2017_001", "title": "22/6/2017 - Ship - GPS/AIS jamming/spoofing (RU)", "content_html": "Nearly 20 ships report GNSS disruption near Novorossiysk displaying their position over 30 km from their actual position.", "url": "https://www.m-cert.fr/admiral/2017_001.html", "date_published": "Wed, 21 Jun 2017 22:00:00 -0000" }, { "id": "2017_002", "title": "27/6/2017 - Port - Virus/Ransomware (IN)", "content_html": "A port is hit by a ransomware attack leading to an interruption of its activities.", "url": "https://www.m-cert.fr/admiral/2017_002.html", "date_published": "Mon, 26 Jun 2017 22:00:00 -0000" }, { "id": "2017_003", "title": "30/6/2017 - Shipowner - Virus/Ransomware (DK)", "content_html": "Shipowner and its port terminals hit by NotPetya. 300M US$ loss. More than 4000 servers, 45 000 PCs and 2500 software applications had to be reinstalled.", "url": "https://www.m-cert.fr/admiral/2017_003.html", "date_published": "Thu, 29 Jun 2017 22:00:00 -0000" }, { "id": "2017_004", "title": "30/6/2017 - Port - Virus/Ransomware (NL)", "content_html": "Ports hit by NotPetya.", "url": "https://www.m-cert.fr/admiral/2017_004.html", "date_published": "Thu, 29 Jun 2017 22:00:00 -0000" }, { "id": "2017_005", "title": "13/7/2017 - Ship - Malfunction (DE)", "content_html": "Rudder failure on a ship. Software failure.", "url": "https://www.m-cert.fr/admiral/2017_005.html", "date_published": "Wed, 12 Jul 2017 22:00:00 -0000" }, { "id": "2017_006", "title": "1/7/2017 - Offshore - Remote Access (NO)", "content_html": "Offshore company hit by cyberattack (remote access).", "url": "https://www.m-cert.fr/admiral/2017_006.html", "date_published": "Fri, 30 Jun 2017 22:00:00 -0000" }, { "id": "2017_007", "title": "1/7/2017 - Shipowner - Intrusion (SG)", "content_html": "Shipowner IT system hacked", "url": "https://www.m-cert.fr/admiral/2017_007.html", "date_published": "Fri, 30 Jun 2017 22:00:00 -0000" }, { "id": "2017_008", "title": "16/10/2017 - Defence - Spearphishing (US)", "content_html": "Defence actors hit by spearphishing attempts.", "url": "https://www.m-cert.fr/admiral/2017_008.html", "date_published": "Sun, 15 Oct 2017 22:00:00 -0000" }, { "id": "2017_009", "title": "31/5/2017 - Industry - Intrusion (GB)", "content_html": "Remote access on a maritime company servers, data leak.", "url": "https://www.m-cert.fr/admiral/2017_009.html", "date_published": "Tue, 30 May 2017 22:00:00 -0000" }, { "id": "2017_010", "title": "1/1/2017 - Ship - Intrusion (DE)", "content_html": "Ship remote control claimed.", "url": "https://www.m-cert.fr/admiral/2017_010.html", "date_published": "Sat, 31 Dec 2016 23:00:00 -0000" }, { "id": "2017_011", "title": "1/1/2017 - Shipowner - Spearphishing (KR)", "content_html": "Multiple Business Email Compromises (BEC) targeting South Korea and Japan.", "url": "https://www.m-cert.fr/admiral/2017_011.html", "date_published": "Sat, 31 Dec 2016 23:00:00 -0000" }, { "id": "2017_012", "title": "28/6/2017 - Port - Virus/Ransomware (AR)", "content_html": "Port hit by ransomware.", "url": "https://www.m-cert.fr/admiral/2017_012.html", "date_published": "Tue, 27 Jun 2017 22:00:00 -0000" }, { "id": "2017_013", "title": "7/3/2017 - Port - Denial of service (CA)", "content_html": "According to the source, an unprecised computer system of the port faced a Denial of Service (DoS) attack during a meeting.\nThe source of the infection led to a guest's computer that connected to the port’s Wi-Fi, unintentionally triggering the attack due to a virus which was present on his computer.\nThe same article underlines the fact that the port faces numerous DoS attacks each week.", "url": "https://www.m-cert.fr/admiral/2017_013.html", "date_published": "Mon, 06 Mar 2017 23:00:00 -0000" }, { "id": "2017_014", "title": "27/5/2017 - Shipowner - Intrusion (AU)", "content_html": "The victim, a global entity employing around 4,000 individuals, operates within the maritime industry and is associated with a major international shipping conglomerate. It is known for providing marine solutions and has a significant presence in Australia, where the incident occurred.\n\nAccording to sources, the victim experienced a cybersecurity breach between May 27, 2017, and March 1, 2018. It was only upon discovery that the victim acted swiftly to mitigate the theft within a span of five hours.\n\nUnauthorized entities managed to auto-forward over 50,000 emails from the finance, payroll and operations departments to external accounts.", "url": "https://www.m-cert.fr/admiral/2017_014.html", "date_published": "Fri, 26 May 2017 22:00:00 -0000" }, { "id": "2018_001", "title": "24/7/2018 - Port - Virus/Ransomware (US)", "content_html": "Port hit by ransomware following a shipowner infection.", "url": "https://www.m-cert.fr/admiral/2018_001.html", "date_published": "Mon, 23 Jul 2018 22:00:00 -0000" }, { "id": "2018_002", "title": "2018 - Defence - Intrusion (US)", "content_html": "The victim, a Navy contractor engaged in highly sensitive work for the victim, was the subject of a security compromise. This entity develops naval warfare technology, including the creation of advanced submarine systems and undersea weapons, and is linked to significant U.S. defense initiatives such as the Sea Dragon project and other underwater programs.\n\nAccording to sources, state-sponsored attackers infiltrated the contractor's systems in early 2018. The TTPs of the breach align with those typically employed by the Chinese Ministry of State Security, known for its sophisticated cyber espionage operations. This incident is part of an ongoing cyberwarfare narrative between the U.S. and China, with the latter making significant advances despite international attempts to stem such intrusions.\n\nThe breach led to the exfiltration of 614 gigabytes of data, including details on the so-called Sea Dragon project. Although officials noted the data was unclassified, when aggregated, it potentially bore the hallmarks of classified information.", "url": "https://www.m-cert.fr/admiral/2018_002.html" }, { "id": "2018_003", "title": "20/9/2018 - Port - Intrusion (ES)", "content_html": "A port is hit by cyberattack.", "url": "https://www.m-cert.fr/admiral/2018_003.html", "date_published": "Wed, 19 Sep 2018 22:00:00 -0000" }, { "id": "2018_004", "title": "25/9/2018 - Port - Virus/Ransomware (US)", "content_html": "The victim, a critical hub for international maritime trade and commerce, is responsible for facilitating a wide array of activities at the waterfront, including cargo, cruise, and public services. As a strategic point of infrastructure, it is integrated into a larger network of ports and relies heavily on its technology systems to manage operations efficiently.\n\nAccording to sources, on September 25, 2018, the victim fell prey to a ransomware attack, identified as 'SamSam'. This cybersecurity incident was marked by demands for payment in Bitcoin and is associated with tactics typically linked to a state-sponsored hacker group operating out of Iran. The attack leveraged a highly sophisticated threat vector, aiming to disrupt the victim's technological systems, although the specific scale and origin remain part of an ongoing investigation by federal agencies.\n\nThe ramifications of the cyberattack may include substantial financial demands and could have resulted in operational hiccups, though initial reports indicated that cargo safety and traffic operations were not compromised. The incident drew the attention of and an investigation by the FBI and the Department of Homeland Security.", "url": "https://www.m-cert.fr/admiral/2018_004.html", "date_published": "Mon, 24 Sep 2018 22:00:00 -0000" }, { "id": "2018_005", "title": "10/10/2018 - Port - Spearphishing (CA)", "content_html": "Port hit by an attack attempt on emails.", "url": "https://www.m-cert.fr/admiral/2018_005.html", "date_published": "Tue, 09 Oct 2018 22:00:00 -0000" }, { "id": "2018_006", "title": "2/11/2018 - Shipyard - Intrusion (AU)", "content_html": "Intrusion in a company building military ships. Data leak.", "url": "https://www.m-cert.fr/admiral/2018_006.html", "date_published": "Thu, 01 Nov 2018 23:00:00 -0000" }, { "id": "2018_007", "title": "10/12/2018 - Offshore - Intrusion (IT)", "content_html": "400 servers of an IT-based oil company are hit it Saudi Arabia and UAE.", "url": "https://www.m-cert.fr/admiral/2018_007.html", "date_published": "Sun, 09 Dec 2018 23:00:00 -0000" }, { "id": "2018_008", "title": "1/8/2018 - Defence - Data leak (US)", "content_html": " A couple of former US Navy members have stolen personal and confidential datas about 9000 US Navy sailors.", "url": "https://www.m-cert.fr/admiral/2018_008.html", "date_published": "Tue, 31 Jul 2018 22:00:00 -0000" }, { "id": "2019_001", "title": "1/2/2019 - Ship - Virus/Ransomware (US)", "content_html": "Coast guard boarding on a ship victim of a cyberattack.", "url": "https://www.m-cert.fr/admiral/2019_001.html", "date_published": "Thu, 31 Jan 2019 23:00:00 -0000" }, { "id": "2019_002", "title": "1/5/2019 - Logistics - Intrusion (KW)", "content_html": "Transportation and shipping industry hit (backdoor).", "url": "https://www.m-cert.fr/admiral/2019_002.html", "date_published": "Tue, 30 Apr 2019 22:00:00 -0000" }, { "id": "2019_003", "title": "1/5/2019 - Ship - Spearphishing (US)", "content_html": "Two cruising ships are bit by phishing attacks. Personal data leak.", "url": "https://www.m-cert.fr/admiral/2019_003.html", "date_published": "Tue, 30 Apr 2019 22:00:00 -0000" }, { "id": "2019_004", "title": "1/7/2019 - Port - GPS/AIS jamming/spoofing (IL)", "content_html": "Ports cranes hit by GPS spoofing or jamming.", "url": "https://www.m-cert.fr/admiral/2019_004.html", "date_published": "Sun, 30 Jun 2019 22:00:00 -0000" }, { "id": "2019_005", "title": "1/7/2019 - Port - Virus/Ransomware (US)", "content_html": "Port actor hit by a ransomware.", "url": "https://www.m-cert.fr/admiral/2019_005.html", "date_published": "Sun, 30 Jun 2019 22:00:00 -0000" }, { "id": "2019_006", "title": "1/7/2019 - Port - GPS/AIS jamming/spoofing (CN)", "content_html": "GPS crop circles.", "url": "https://www.m-cert.fr/admiral/2019_006.html", "date_published": "Sun, 30 Jun 2019 22:00:00 -0000" }, { "id": "2019_007", "title": "1/11/2019 - Logistics - Intrusion (GB)", "content_html": "A maritime logistics company suffered a cyberattack following an intrusion.", "url": "https://www.m-cert.fr/admiral/2019_007.html", "date_published": "Thu, 31 Oct 2019 23:00:00 -0000" }, { "id": "2019_008", "title": "10/11/2019 - Offshore - Virus/Ransomware (US)", "content_html": "An offshore company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2019_008.html", "date_published": "Sat, 09 Nov 2019 23:00:00 -0000" }, { "id": "2019_009", "title": "1/12/2019 - Ship - GPS/AIS jamming/spoofing (CN)", "content_html": "GPS spoofing report.", "url": "https://www.m-cert.fr/admiral/2019_009.html", "date_published": "Sat, 30 Nov 2019 23:00:00 -0000" }, { "id": "2019_010", "title": "1/12/2019 - Port - Virus/Ransomware (US)", "content_html": "MTS actor hit by ransomware (ICS, CCTV and access control impacted).", "url": "https://www.m-cert.fr/admiral/2019_010.html", "date_published": "Sat, 30 Nov 2019 23:00:00 -0000" }, { "id": "2019_011", "title": "1/12/2019 - Ship - GPS/AIS jamming/spoofing (IT)", "content_html": "AIS spoofing off Elba.", "url": "https://www.m-cert.fr/admiral/2019_011.html", "date_published": "Sat, 30 Nov 2019 23:00:00 -0000" }, { "id": "2019_012", "title": "30/12/2019 - Industry - Virus/Ransomware (GB)", "content_html": "An offshore consulting company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2019_012.html", "date_published": "Sun, 29 Dec 2019 23:00:00 -0000" }, { "id": "2019_013", "title": "2019 - Ship - Virus/Ransomware (FI)", "content_html": "Several servers onboard a tanker and their backups are encrypted by a ransomware.", "url": "https://www.m-cert.fr/admiral/2019_013.html" }, { "id": "2019_014", "title": "2019 - Ship - GPS/AIS jamming/spoofing (NO)", "content_html": "Multiple GNSS spoofing operations over 2018 and 2019.", "url": "https://www.m-cert.fr/admiral/2019_014.html" }, { "id": "2019_015", "title": "2019 - Ship - Virus/Ransomware (XX)", "content_html": "Two ships of the same shipowner are infected by the Hermes ransomware.", "url": "https://www.m-cert.fr/admiral/2019_015.html" }, { "id": "2019_016", "title": "2019 - Ship - GPS/AIS jamming/spoofing (CY)", "content_html": "The victim is a tanker ship carrying over 5,000 metric tons of ethanol. As it was approaching Cyprus's shoreline during the night, the ship lost its GPS fix, making navigation challenging, especially in unfamiliar waters and in the dark.\nAccording to sources, the captain of the ship alerted the pilots' office at the oil terminal.\nThis anomaly in GPS is quite usual around Cyprus. The country has experienced significant GPS disruptions for at least the two years preceeding the incident, making it a representative case in the broader global challenge of intentional interference with vital navigation systems.", "url": "https://www.m-cert.fr/admiral/2019_016.html" }, { "id": "2020_001", "title": "5/1/2020 - Ship - Data leak (US)", "content_html": "During a TV set on board a cruising ship, a password is readable on a screen.", "url": "https://www.m-cert.fr/admiral/2020_001.html", "date_published": "Sat, 04 Jan 2020 23:00:00 -0000" }, { "id": "2020_002", "title": "10/1/2020 - Logistics - Virus/Ransomware (FR)", "content_html": "A multimodal logistic actor is hit by a ransomware attack", "url": "https://www.m-cert.fr/admiral/2020_002.html", "date_published": "Thu, 09 Jan 2020 23:00:00 -0000" }, { "id": "2020_003", "title": "23/2/2020 - Logistics - Data leak (US)", "content_html": "Logistics actor hit by a cyberattack. Data leak.", "url": "https://www.m-cert.fr/admiral/2020_003.html", "date_published": "Sat, 22 Feb 2020 23:00:00 -0000" }, { "id": "2020_004", "title": "15/3/2020 - Port - Virus/Ransomware (FR)", "content_html": "The victim, an administrative entity encompassing the cities of Marseille, Martigues, and the Aix-Marseille-Provence metropolis, was hit by a ransomware attack. This region, significant for its public services and infrastructure, faced a cyber incident that targeted interconnected information systems across multiple municipalities, including the Grand Port Maritime de Marseille.\nAccording to sources, over the course of a weekend, the public sector's digital infrastructure was compromised by ransomware identified as Mespinoza/Pysa.\nAs a consequence, networks had to be isolated. The presence of backup and recovery systems have mitigated the damage, averting the worst outcomes. No proven impact was detected on the port’s OT systems.", "url": "https://www.m-cert.fr/admiral/2020_004.html", "date_published": "Sat, 14 Mar 2020 23:00:00 -0000" }, { "id": "2020_005", "title": "7/4/2020 - Industry - Virus/Ransomware (DK)", "content_html": "A pumping system manufacturing company is hit by a ransomware cyberattack.", "url": "https://www.m-cert.fr/admiral/2020_005.html", "date_published": "Mon, 06 Apr 2020 22:00:00 -0000" }, { "id": "2020_006", "title": "10/4/2020 - Shipowner - Virus/Ransomware (CH)", "content_html": "Cruising company hit by a cyberattack - its systems are impacted during five days.", "url": "https://www.m-cert.fr/admiral/2020_006.html", "date_published": "Thu, 09 Apr 2020 22:00:00 -0000" }, { "id": "2020_007", "title": "21/4/2020 - Ship - Phishing (CL)", "content_html": "A maritime authority informs of several cases of impersonating in a few cases of phishing asking for the transmission of ship official documents to an unauthorized party.", "url": "https://www.m-cert.fr/admiral/2020_007.html", "date_published": "Mon, 20 Apr 2020 22:00:00 -0000" }, { "id": "2020_008", "title": "23/4/2020 - Manufacturer - Virus/Ransomware (SE)", "content_html": "A marine manufacturer is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2020_008.html", "date_published": "Wed, 22 Apr 2020 22:00:00 -0000" }, { "id": "2020_009", "title": "27/4/2020 - Offshore - Virus/Ransomware (US)", "content_html": "An offshore company is targeted by a ransomware attack - data leak.", "url": "https://www.m-cert.fr/admiral/2020_009.html", "date_published": "Sun, 26 Apr 2020 22:00:00 -0000" }, { "id": "2020_010", "title": "5/5/2020 - Logistics - Data leak (AU)", "content_html": "Multimodal actor hit by data leak.", "url": "https://www.m-cert.fr/admiral/2020_010.html", "date_published": "Mon, 04 May 2020 22:00:00 -0000" }, { "id": "2020_011", "title": "1/5/2020 - Ship - GPS/AIS jamming/spoofing (US)", "content_html": "AIS Crop circles off California.", "url": "https://www.m-cert.fr/admiral/2020_011.html", "date_published": "Thu, 30 Apr 2020 22:00:00 -0000" }, { "id": "2020_012", "title": "9/5/2020 - Port - Intrusion (IR)", "content_html": "The victim, a critical port the country's southern coast experienced an unanticipated cessation in its operations. The computer systems that coordinated the traffic of vessels, goods, and trucks collectively malfunctioned, resulting in significant delays on water routes and access roads.\n\nAccording to sources, officials publicly recognized that the port's computer systems had been compromised by a foreign cyberattack. Subsequent details suggest that the cyber intrusion was a significant offensive. This cyberattack could have been conducted in retaliation to a prior alleged attempt to breach other computer systems in the attacking country reported by the medias. The impacts of this attack would have been confirmed by satellite images showign traffic congestions leading to the port and numerous loaded container ships queued off the coast. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of Israel, although there has been no official acknowledgment from the Israeli side.", "url": "https://www.m-cert.fr/admiral/2020_012.html", "date_published": "Fri, 08 May 2020 22:00:00 -0000" }, { "id": "2020_013", "title": "18/5/2020 - Shipowner - Virus/Ransomware (HK)", "content_html": "A shipowner is victim of a ransomware attack. 20% of workstations and 10% of its servers are encrypted.", "url": "https://www.m-cert.fr/admiral/2020_013.html", "date_published": "Sun, 17 May 2020 22:00:00 -0000" }, { "id": "2020_014", "title": "9/6/2020 - Shipyard - Virus/Ransomware (NO)", "content_html": "Shipyard hit by a ransomware attack altering its operational capacities. Partial unemployment.", "url": "https://www.m-cert.fr/admiral/2020_014.html", "date_published": "Mon, 08 Jun 2020 22:00:00 -0000" }, { "id": "2020_015", "title": "19/6/2020 - Shipyard - Virus/Ransomware (FR)", "content_html": "The victim, renowned for its production of luxury catamarans and sailing vessels and contributing significantly to the boating industry, was subjected to a cyber intrusion. The victim's shipyard was already facing challenges due to the COVID-19 epidemic which had previously disrupted operations.\nAccording to sources, on 19th June, the entity suffered a significant computer system breach. The breach's technical details and the identity of the perpetrators have not been made explicit in the accessible report.\nThe intrusion and ransomware spread impacted both its IT infrastructure and part of its operational capabilities. This incident occurred during a critical period of production ramp-up following the easing of COVID-19 restrictions. Consequences of this incident may have included operational delays and potential financial repercussions, considering the earlier business growth and the victim's strategic efforts to recover from pandemic-related setbacks.", "url": "https://www.m-cert.fr/admiral/2020_015.html", "date_published": "Thu, 18 Jun 2020 22:00:00 -0000" }, { "id": "2020_016", "title": "20/6/2020 - Offshore - Virus/Ransomware (US)", "content_html": "A company working in dredging, waterfront construction, piers and wharves, bridge building, heavy lifts, and offshore work is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2020_016.html", "date_published": "Fri, 19 Jun 2020 22:00:00 -0000" }, { "id": "2020_017", "title": "23/7/2020 - Manufacturer - Virus/Ransomware (US)", "content_html": "A GPS manufacturer working, amongst others, for the maritime sector, is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2020_017.html", "date_published": "Wed, 22 Jul 2020 22:00:00 -0000" }, { "id": "2020_018", "title": "25/7/2020 - Ship - Human error (MU)", "content_html": "The bad setting of an ECDIS concurs to the grounding of a ship.", "url": "https://www.m-cert.fr/admiral/2020_018.html", "date_published": "Fri, 24 Jul 2020 22:00:00 -0000" }, { "id": "2020_019", "title": "1/8/2020 - Port - Spearphishing (US)", "content_html": "Spearhishing against the MTS.", "url": "https://www.m-cert.fr/admiral/2020_019.html", "date_published": "Fri, 31 Jul 2020 22:00:00 -0000" }, { "id": "2020_020", "title": "5/8/2020 - Offshore - Virus/Ransomware (NO)", "content_html": "A company working in the offshore domain in targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2020_020.html", "date_published": "Tue, 04 Aug 2020 22:00:00 -0000" }, { "id": "2020_021", "title": "15/8/2020 - Shipowner - Data leak (US)", "content_html": "Cruising company hit by ransomware. Important data leak.", "url": "https://www.m-cert.fr/admiral/2020_021.html", "date_published": "Fri, 14 Aug 2020 22:00:00 -0000" }, { "id": "2020_022", "title": "15/8/2020 - Classification company - Intrusion (NO)", "content_html": "Possible espionage case.", "url": "https://www.m-cert.fr/admiral/2020_022.html", "date_published": "Fri, 14 Aug 2020 22:00:00 -0000" }, { "id": "2020_023", "title": "11/9/2020 - Logistics - Virus/Ransomware (DK)", "content_html": "Multimodal actor hit by ransomware.", "url": "https://www.m-cert.fr/admiral/2020_023.html", "date_published": "Thu, 10 Sep 2020 22:00:00 -0000" }, { "id": "2020_024", "title": "20/9/2020 - Logistics - Virus/Ransomware (FR)", "content_html": "Multimodal actor hit by ransomware.", "url": "https://www.m-cert.fr/admiral/2020_024.html", "date_published": "Sat, 19 Sep 2020 22:00:00 -0000" }, { "id": "2020_025", "title": "25/9/2020 - Shipowner - Virus/Ransomware (GR)", "content_html": "A ferry and shipping company is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2020_025.html", "date_published": "Thu, 24 Sep 2020 22:00:00 -0000" }, { "id": "2020_026", "title": "25/9/2020 - Organisation - Intrusion (MT)", "content_html": "A transportation organisation is victim of an intrusion and has to stop its IT for five days.", "url": "https://www.m-cert.fr/admiral/2020_026.html", "date_published": "Thu, 24 Sep 2020 22:00:00 -0000" }, { "id": "2020_027", "title": "28/9/2020 - Shipowner - Virus/Ransomware (FR)", "content_html": "Shipowner hit by ransomware, data leak.", "url": "https://www.m-cert.fr/admiral/2020_027.html", "date_published": "Sun, 27 Sep 2020 22:00:00 -0000" }, { "id": "2020_028", "title": "30/9/2020 - Organisation - Intrusion (GB)", "content_html": "-Sophisticated- cyberattack on a worldwide maritime organisation.", "url": "https://www.m-cert.fr/admiral/2020_028.html", "date_published": "Tue, 29 Sep 2020 22:00:00 -0000" }, { "id": "2020_029", "title": "1/10/2020 - Shipowner - Virus/Ransomware (GB)", "content_html": "A ferry company is targeted by a ransomware attack causing impact on booking systems.", "url": "https://www.m-cert.fr/admiral/2020_029.html", "date_published": "Wed, 30 Sep 2020 22:00:00 -0000" }, { "id": "2020_030", "title": "15/10/2020 - Logistics - Virus/Ransomware (US)", "content_html": "An important transportation service firm is hit by a ransomware attack. Data leak.", "url": "https://www.m-cert.fr/admiral/2020_030.html", "date_published": "Wed, 14 Oct 2020 22:00:00 -0000" }, { "id": "2020_031", "title": "20/10/2020 - Logistics - Virus/Ransomware (CA)", "content_html": "A transportation service firm is hit by the Egregor group.", "url": "https://www.m-cert.fr/admiral/2020_031.html", "date_published": "Mon, 19 Oct 2020 22:00:00 -0000" }, { "id": "2020_032", "title": "16/11/2020 - Logistics - Virus/Ransomware (FR)", "content_html": "A logistics company is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2020_032.html", "date_published": "Sun, 15 Nov 2020 23:00:00 -0000" }, { "id": "2020_033", "title": "16/11/2020 - Port - Virus/Ransomware (US)", "content_html": "Fluvial port hit by ransomware. Attackers asked for a $US 200 000 ransom. Systems were recovered in a few days using offline backups.", "url": "https://www.m-cert.fr/admiral/2020_033.html", "date_published": "Sun, 15 Nov 2020 23:00:00 -0000" }, { "id": "2020_034", "title": "14/12/2020 - Shipowner - Virus/Ransomware (NO)", "content_html": "Cruising company hit by a ransomware attack making some IT systems unavailable for days. Several personal data could have been disclosed.", "url": "https://www.m-cert.fr/admiral/2020_034.html", "date_published": "Sun, 13 Dec 2020 23:00:00 -0000" }, { "id": "2020_035", "title": "28/12/2020 - Shipowner - Virus/Ransomware (DE)", "content_html": "Cruising company hit by a cyberattack. May have also impacted its ships and other ships of the group. Several cruises are cancelled.", "url": "https://www.m-cert.fr/admiral/2020_035.html", "date_published": "Sun, 27 Dec 2020 23:00:00 -0000" }, { "id": "2020_036", "title": "2020 - Ship - Virus/Ransomware (GB)", "content_html": "A vessel has its ship server and clients infected by a ransomware. Data loss.", "url": "https://www.m-cert.fr/admiral/2020_036.html" }, { "id": "2020_037", "title": "2020 - Ship - Virus/Ransomware (US)", "content_html": "Three vessels are infected by a ransomware.", "url": "https://www.m-cert.fr/admiral/2020_037.html" }, { "id": "2020_038", "title": "2/6/2020 - Shipowner - Virus/Ransomware (NO)", "content_html": "A ship and crew management and marine services providing company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2020_038.html", "date_published": "Mon, 01 Jun 2020 22:00:00 -0000" }, { "id": "2021_001", "title": "1/1/2021 - Port - Intrusion (KH)", "content_html": "A Port Authority is targeted by an APT actor.", "url": "https://www.m-cert.fr/admiral/2021_001.html", "date_published": "Thu, 31 Dec 2020 23:00:00 -0000" }, { "id": "2021_002", "title": "1/1/2021 - Defence - Intrusion (PH)", "content_html": "A Navy is targeted by an APT actor.", "url": "https://www.m-cert.fr/admiral/2021_002.html", "date_published": "Thu, 31 Dec 2020 23:00:00 -0000" }, { "id": "2021_003", "title": "10/1/2021 - Fishing - Virus/Ransomware (NO)", "content_html": "A ransomware hits a fish farm company.", "url": "https://www.m-cert.fr/admiral/2021_003.html", "date_published": "Sat, 09 Jan 2021 23:00:00 -0000" }, { "id": "2021_004", "title": "21/1/2021 - Logistics - Virus/Ransomware (AU)", "content_html": "A multimodal logistic company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_004.html", "date_published": "Wed, 20 Jan 2021 23:00:00 -0000" }, { "id": "2021_005", "title": "29/1/2021 - Port - Data leak (US)", "content_html": "A port authority is hit by a cyber attack.", "url": "https://www.m-cert.fr/admiral/2021_005.html", "date_published": "Thu, 28 Jan 2021 23:00:00 -0000" }, { "id": "2021_006", "title": "4/2/2021 - Ship - GPS/AIS jamming/spoofing (SE)", "content_html": "Several ships are targeted by an AIS spoofing attempt.", "url": "https://www.m-cert.fr/admiral/2021_006.html", "date_published": "Wed, 03 Feb 2021 23:00:00 -0000" }, { "id": "2021_007", "title": "7/2/2021 - Logistics - Virus/Ransomware (IN)", "content_html": "A logistics company working - amongst others - for the maritime sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_007.html", "date_published": "Sat, 06 Feb 2021 23:00:00 -0000" }, { "id": "2021_008", "title": "15/2/2021 - Classification company - Virus/Ransomware (US)", "content_html": "A classification company is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_008.html", "date_published": "Sun, 14 Feb 2021 23:00:00 -0000" }, { "id": "2021_009", "title": "18/2/2021 - Port - Intrusion (MM)", "content_html": "Port Authority hit by a cyberattack.", "url": "https://www.m-cert.fr/admiral/2021_009.html", "date_published": "Wed, 17 Feb 2021 23:00:00 -0000" }, { "id": "2021_010", "title": "18/2/2021 - Shipyard - Virus/Ransomware (FR)", "content_html": "The victim, a prestigious multinational corporation in the boating industry, faced a cyberattack that disrupted its IT infrastructure. The company, which holds a significant market presence with its diverse range of boats and leisure homes, recognized the intrusion during the night of February 18 to 19, prompting an immediate and comprehensive shutdown of its information systems.\nAccording to sources, the attack compelled several production units, especially in France, to either slow down or completely cease operations for a few days. In response, the company deployed backup applications and systems to resume activities in a secure yet degraded mode while conducting thorough investigations to fully restore all systems. Despite the disruption, the financial impact of the incident is reportedly covered by the company’s insurance policies.\nFollowing the attack, the victim has been working diligently with cybersecurity experts and authorities to mitigate the consequences. Further details regarding the incident's implications on the company’s financial results were anticipated to be shared in a subsequent report on the annual revenues for the year ended December 31, 2020, with an estimated impact of 45 M€.", "url": "https://www.m-cert.fr/admiral/2021_010.html", "date_published": "Wed, 17 Feb 2021 23:00:00 -0000" }, { "id": "2021_011", "title": "23/2/2021 - Organisation - Data leak (AU)", "content_html": "A transportation authority is hit by a supply chain data leak. 47 email accounts were compromised and 730GB of data - 3.8 million documents on 186 000 customers were exfiltrated.", "url": "https://www.m-cert.fr/admiral/2021_011.html", "date_published": "Mon, 22 Feb 2021 23:00:00 -0000" }, { "id": "2021_012", "title": "6/3/2021 - Shipowner - Intrusion (CN)", "content_html": "Shipping company mail system hit by an attack.", "url": "https://www.m-cert.fr/admiral/2021_012.html", "date_published": "Fri, 05 Mar 2021 23:00:00 -0000" }, { "id": "2021_013", "title": "18/3/2021 - Shipowner - Virus/Ransomware (JP)", "content_html": "A shipowner is hit by a viral attack.", "url": "https://www.m-cert.fr/admiral/2021_013.html", "date_published": "Wed, 17 Mar 2021 23:00:00 -0000" }, { "id": "2021_014", "title": "19/3/2021 - Shipowner - Data leak (US)", "content_html": "A cruising company is hit by a data leak.", "url": "https://www.m-cert.fr/admiral/2021_014.html", "date_published": "Thu, 18 Mar 2021 23:00:00 -0000" }, { "id": "2021_015", "title": "26/3/2021 - Ship - GPS/AIS jamming/spoofing (BE)", "content_html": "Several ships sailing on a fluvial river are victims of a GPS jammer aiming at protecting a yacht from drones.", "url": "https://www.m-cert.fr/admiral/2021_015.html", "date_published": "Thu, 25 Mar 2021 23:00:00 -0000" }, { "id": "2021_016", "title": "1/4/2021 - Shipowner - Virus/Ransomware (GB)", "content_html": "A ferry company is hit by a ransomware attack", "url": "https://www.m-cert.fr/admiral/2021_016.html", "date_published": "Wed, 31 Mar 2021 22:00:00 -0000" }, { "id": "2021_017", "title": "1/4/2021 - Offshore - Scam (FR)", "content_html": "The victim, a maritime service provider to the oil industry, experienced a cyberattack which resulted in the lockdown of its IT systems. The entity, known for operating a fleet of over 350 vessels serving the global oil and gas sector, was targeted in a security breach that occurred overnight.\nAccording to sources, the cyberattack was detected between the night of April 8 and the morning of April 9. As a security measure, access to computer applications such as email was suspended, rendering the company's employees without access to their computers. However, it was noted that no client operations were halted due to the attack. Communications from ships to shore remained active. The company's spokesperson refrained from specifying whether the attack involved ransomware but confirmed that, thus far, no data theft has been detected.\nIn response to the attack, the company worked to restore its IT systems. Despite the cyber incident, the company assured that its operational activities, particularly its client services remained uninterrupted.", "url": "https://www.m-cert.fr/admiral/2021_017.html", "date_published": "Wed, 31 Mar 2021 22:00:00 -0000" }, { "id": "2021_018", "title": "7/4/2021 - Shipowner - Virus/Ransomware (AE)", "content_html": "A shipowner is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_018.html", "date_published": "Tue, 06 Apr 2021 22:00:00 -0000" }, { "id": "2021_019", "title": "7/4/2021 - Logistics - Virus/Ransomware (US)", "content_html": "A multimodal logistic actor is victime of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_019.html", "date_published": "Tue, 06 Apr 2021 22:00:00 -0000" }, { "id": "2021_020", "title": "8/4/2021 - Shipowner - Virus/Ransomware (FR)", "content_html": "A shipowner is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_020.html", "date_published": "Wed, 07 Apr 2021 22:00:00 -0000" }, { "id": "2021_021", "title": "27/4/2021 - Organisation - Virus/Ransomware (FR)", "content_html": "A fluvial organisation is hit by a ransomware cyber attack.", "url": "https://www.m-cert.fr/admiral/2021_021.html", "date_published": "Mon, 26 Apr 2021 22:00:00 -0000" }, { "id": "2021_022", "title": "3/5/2021 - Defence - Spearphishing (RU)", "content_html": "A defence subcontractor is targeted by a spearphishing attack.", "url": "https://www.m-cert.fr/admiral/2021_022.html", "date_published": "Sun, 02 May 2021 22:00:00 -0000" }, { "id": "2021_023", "title": "10/5/2021 - Logistics - Virus/Ransomware (NL)", "content_html": "A multimodal logistic actor is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_023.html", "date_published": "Sun, 09 May 2021 22:00:00 -0000" }, { "id": "2021_024", "title": "21/5/2021 - Shipowner - Scam (DE)", "content_html": "Fake emails and invoices are manipulated by a third party. A total of 1.679 millions dollars is sent to a false bank account.", "url": "https://www.m-cert.fr/admiral/2021_024.html", "date_published": "Thu, 20 May 2021 22:00:00 -0000" }, { "id": "2021_025", "title": "22/5/2021 - Logistics - Virus/Ransomware (PE)", "content_html": "A logistic actor is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_025.html", "date_published": "Fri, 21 May 2021 22:00:00 -0000" }, { "id": "2021_026", "title": "1/6/2021 - Logistics - Virus/Ransomware (SG)", "content_html": "A logistic company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_026.html", "date_published": "Mon, 31 May 2021 22:00:00 -0000" }, { "id": "2021_027", "title": "2/6/2021 - Shipowner - Virus/Ransomware (US)", "content_html": "A ferry company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_027.html", "date_published": "Tue, 01 Jun 2021 22:00:00 -0000" }, { "id": "2021_028", "title": "2/6/2021 - Industry - Virus/Ransomware (FR)", "content_html": "A company specialized in scuba diving is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_028.html", "date_published": "Tue, 01 Jun 2021 22:00:00 -0000" }, { "id": "2021_029", "title": "3/6/2021 - Port - Virus/Ransomware (BR)", "content_html": "A port actor would be victim of a ransomware cyber attack.", "url": "https://www.m-cert.fr/admiral/2021_029.html", "date_published": "Wed, 02 Jun 2021 22:00:00 -0000" }, { "id": "2021_030", "title": "4/6/2021 - Logistics - Virus/Ransomware (US)", "content_html": "A multimodal freight actor is victim of a ransomware cyber attack.", "url": "https://www.m-cert.fr/admiral/2021_030.html", "date_published": "Thu, 03 Jun 2021 22:00:00 -0000" }, { "id": "2021_031", "title": "7/6/2021 - Fluvial - Virus/Ransomware (US)", "content_html": "A fluvial transport actor is concerned by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_031.html", "date_published": "Sun, 06 Jun 2021 22:00:00 -0000" }, { "id": "2021_032", "title": "15/6/2021 - Shipyard - Intrusion (KR)", "content_html": "The messaging system of a naval industry group is hit by an attack.", "url": "https://www.m-cert.fr/admiral/2021_032.html", "date_published": "Mon, 14 Jun 2021 22:00:00 -0000" }, { "id": "2021_033", "title": "17/6/2021 - Logistics - Virus/Ransomware (FR)", "content_html": "A multimodal logistics actor is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_033.html", "date_published": "Wed, 16 Jun 2021 22:00:00 -0000" }, { "id": "2021_034", "title": "21/6/2021 - Shipyard - Virus/Ransomware (KR)", "content_html": "A naval shipyard is hit by a cyberattack. Data leak.", "url": "https://www.m-cert.fr/admiral/2021_034.html", "date_published": "Sun, 20 Jun 2021 22:00:00 -0000" }, { "id": "2021_035", "title": "24/6/2021 - Logistics - Virus/Ransomware (IT)", "content_html": "A multimodal logistics actor is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_035.html", "date_published": "Wed, 23 Jun 2021 22:00:00 -0000" }, { "id": "2021_036", "title": "24/6/2021 - Defence - GPS/AIS jamming/spoofing (GB)", "content_html": "AIS spoofing on naval ships in the Black Sea.", "url": "https://www.m-cert.fr/admiral/2021_036.html", "date_published": "Wed, 23 Jun 2021 22:00:00 -0000" }, { "id": "2021_037", "title": "29/6/2021 - Logistics - Virus/Ransomware (CL)", "content_html": "A maritime customs clearance agency is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_037.html", "date_published": "Mon, 28 Jun 2021 22:00:00 -0000" }, { "id": "2021_038", "title": "29/6/2021 - Shipowner - Virus/Ransomware (JP)", "content_html": "A shipowner is hit by a viral attack on one of its overseas subsidiaries.", "url": "https://www.m-cert.fr/admiral/2021_038.html", "date_published": "Mon, 28 Jun 2021 22:00:00 -0000" }, { "id": "2021_039", "title": "7/7/2021 - Organisation - Virus/Ransomware (NO)", "content_html": "According to sources, organisation working for the maritime and Marine Renewable Energy sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_039.html", "date_published": "Tue, 06 Jul 2021 22:00:00 -0000" }, { "id": "2021_040", "title": "9/7/2021 - Fishing - Virus/Ransomware (PE)", "content_html": "A fishing company is hit by a ransomware attack. Data leak risk.", "url": "https://www.m-cert.fr/admiral/2021_040.html", "date_published": "Thu, 08 Jul 2021 22:00:00 -0000" }, { "id": "2021_041", "title": "13/7/2021 - Logistics - Virus/Ransomware (SY)", "content_html": "A maritime transport company is victim of a ransomware cyber attack. Data leak.", "url": "https://www.m-cert.fr/admiral/2021_041.html", "date_published": "Mon, 12 Jul 2021 22:00:00 -0000" }, { "id": "2021_042", "title": "13/7/2021 - Logistics - Virus/Ransomware (ES)", "content_html": "A multimodal transport company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_042.html", "date_published": "Mon, 12 Jul 2021 22:00:00 -0000" }, { "id": "2021_043", "title": "22/7/2021 - Port - Virus/Ransomware (ZA)", "content_html": "A port operating system is hit by a cyber attack.", "url": "https://www.m-cert.fr/admiral/2021_043.html", "date_published": "Wed, 21 Jul 2021 22:00:00 -0000" }, { "id": "2021_044", "title": "29/7/2021 - Ship - GPS/AIS jamming/spoofing (XX)", "content_html": "Two reports on maritime AIS spoofing on maritime conflict zones.", "url": "https://www.m-cert.fr/admiral/2021_044.html", "date_published": "Wed, 28 Jul 2021 22:00:00 -0000" }, { "id": "2021_045", "title": "30/7/2021 - Logistics - Virus/Ransomware (PE)", "content_html": "A logistics company is victim of a ransomware cyber attack.", "url": "https://www.m-cert.fr/admiral/2021_045.html", "date_published": "Thu, 29 Jul 2021 22:00:00 -0000" }, { "id": "2021_046", "title": "9/8/2021 - Manufacturer - Virus/Ransomware (SG)", "content_html": "A manufacturer working on electricity equiment for ships and offshore is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_046.html", "date_published": "Sun, 08 Aug 2021 22:00:00 -0000" }, { "id": "2021_047", "title": "11/8/2021 - Logistics - Virus/Ransomware (ES)", "content_html": "A bunkering company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_047.html", "date_published": "Tue, 10 Aug 2021 22:00:00 -0000" }, { "id": "2021_048", "title": "11/8/2021 - Logistics - Virus/Ransomware (TR)", "content_html": "A multimodal logistics company is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_048.html", "date_published": "Tue, 10 Aug 2021 22:00:00 -0000" }, { "id": "2021_049", "title": "16/8/2021 - Insurer - Virus/Ransomware (SG)", "content_html": "An insurer is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_049.html", "date_published": "Sun, 15 Aug 2021 22:00:00 -0000" }, { "id": "2021_050", "title": "21/8/2021 - Fishing - Virus/Ransomware (JP)", "content_html": "A fishing company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_050.html", "date_published": "Fri, 20 Aug 2021 22:00:00 -0000" }, { "id": "2021_051", "title": "21/8/2021 - Logistics - Virus/Ransomware (DE)", "content_html": "A freight actor is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_051.html", "date_published": "Fri, 20 Aug 2021 22:00:00 -0000" }, { "id": "2021_052", "title": "2021 - Port - Intrusion (US)", "content_html": "An Internet-facing server is compromised but the consequences are limited.", "url": "https://www.m-cert.fr/admiral/2021_052.html" }, { "id": "2021_053", "title": "19/9/2021 - Shipowner - Data leak (FR)", "content_html": "The victim experienced a cyberattack under a year following a previous ransomware incident. According to sources, the shipping company suffered a data leak involving customer information, such as names, employers, positions, email addresses, and phone numbers. In response, its IT teams immediately developed and installed security patches.\nThe company had advised clients to be vigilant about their account security and to validate the authenticity of emails related to account access, hinting at the potential phishing origins of the attack.\nNo stoppage of client operations was reported.", "url": "https://www.m-cert.fr/admiral/2021_053.html", "date_published": "Sat, 18 Sep 2021 22:00:00 -0000" }, { "id": "2021_054", "title": "12/10/2021 - Offshore - Virus/Ransomware (TH)", "content_html": "An exploration and petroleum production company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_054.html", "date_published": "Mon, 11 Oct 2021 22:00:00 -0000" }, { "id": "2021_055", "title": "12/10/2021 - Offshore - Virus/Ransomware (QA)", "content_html": "An oil company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_055.html", "date_published": "Mon, 11 Oct 2021 22:00:00 -0000" }, { "id": "2021_056", "title": "21/10/2021 - Shipowner - Data leak (FR)", "content_html": "Personal data leak following website update.", "url": "https://www.m-cert.fr/admiral/2021_056.html", "date_published": "Wed, 20 Oct 2021 22:00:00 -0000" }, { "id": "2021_057", "title": "24/10/2021 - Shipyard - Virus/Ransomware (KR)", "content_html": "A shipyard is hit by a cyberattack.", "url": "https://www.m-cert.fr/admiral/2021_057.html", "date_published": "Sat, 23 Oct 2021 22:00:00 -0000" }, { "id": "2021_058", "title": "1/11/2021 - Shipowner - Virus/Ransomware (GR)", "content_html": "Several shipowners are victims of an attack on a common communication system.", "url": "https://www.m-cert.fr/admiral/2021_058.html", "date_published": "Sun, 31 Oct 2021 23:00:00 -0000" }, { "id": "2021_059", "title": "19/11/2021 - MRE - Virus/Ransomware (DK)", "content_html": "A company specialized - amongst others - in maritime renewable energies (MRE) is targeted by a ransomware attack. Data leak risk.", "url": "https://www.m-cert.fr/admiral/2021_059.html", "date_published": "Thu, 18 Nov 2021 23:00:00 -0000" }, { "id": "2021_060", "title": "20/11/2021 - Classification company - Intrusion (FR)", "content_html": "A classification company working for the maritime sector is hit by an undetailed intrusion which may have targeted its messaging systems.", "url": "https://www.m-cert.fr/admiral/2021_060.html", "date_published": "Fri, 19 Nov 2021 23:00:00 -0000" }, { "id": "2021_061", "title": "24/11/2021 - Logistics - Virus/Ransomware (AU)", "content_html": "A maritime freight company is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_061.html", "date_published": "Tue, 23 Nov 2021 23:00:00 -0000" }, { "id": "2021_062", "title": "25/11/2021 - Offshore - Virus/Ransomware (SG)", "content_html": "A company offering offshore services is hit by a ransomware cyberattack.", "url": "https://www.m-cert.fr/admiral/2021_062.html", "date_published": "Wed, 24 Nov 2021 23:00:00 -0000" }, { "id": "2021_063", "title": "27/11/2021 - Insurer - Virus/Ransomware (FR)", "content_html": "An insuring company working for the maritime sector is hit by a cyber-attack.", "url": "https://www.m-cert.fr/admiral/2021_063.html", "date_published": "Fri, 26 Nov 2021 23:00:00 -0000" }, { "id": "2021_064", "title": "30/11/2021 - Fluvial - Virus/Ransomware (AR)", "content_html": "A fluvial company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_064.html", "date_published": "Mon, 29 Nov 2021 23:00:00 -0000" }, { "id": "2021_065", "title": "6/12/2021 - Logistics - Virus/Ransomware (HK)", "content_html": "A logistics company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_065.html", "date_published": "Sun, 05 Dec 2021 23:00:00 -0000" }, { "id": "2021_066", "title": "8/12/2021 - Port - Virus/Ransomware (MY)", "content_html": "A port is targeted by a ransomware attack. Personal and commercial data leak risk.", "url": "https://www.m-cert.fr/admiral/2021_066.html", "date_published": "Tue, 07 Dec 2021 23:00:00 -0000" }, { "id": "2021_067", "title": "9/12/2021 - Logistics - Virus/Ransomware (SG)", "content_html": "A liner services agency and logistics company is hit by a ransomware attack. Personal and commercial data leak risk.", "url": "https://www.m-cert.fr/admiral/2021_067.html", "date_published": "Wed, 08 Dec 2021 23:00:00 -0000" }, { "id": "2021_068", "title": "14/12/2021 - Manufacturer - Virus/Ransomware (JP)", "content_html": "A manufacturer of - amongst others - marine motors is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_068.html", "date_published": "Mon, 13 Dec 2021 23:00:00 -0000" }, { "id": "2021_069", "title": "15/12/2021 - Logistics - Virus/Ransomware (DE)", "content_html": "A logistics company is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_069.html", "date_published": "Tue, 14 Dec 2021 23:00:00 -0000" }, { "id": "2021_070", "title": "19/12/2021 - Offshore - Virus/Ransomware (ID)", "content_html": "A company working in offshore oil&gas is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_070.html", "date_published": "Sat, 18 Dec 2021 23:00:00 -0000" }, { "id": "2021_071", "title": "25/12/2021 - Logistics - Virus/Ransomware (GB)", "content_html": "A logistics company is victime of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_071.html", "date_published": "Fri, 24 Dec 2021 23:00:00 -0000" }, { "id": "2021_072", "title": "28/12/2021 - Offshore - Virus/Ransomware (NO)", "content_html": "A company working in offshore oil&gas would have been hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2021_072.html", "date_published": "Mon, 27 Dec 2021 23:00:00 -0000" }, { "id": "2021_073", "title": "15/9/2021 - Port - Intrusion (US)", "content_html": "According to sources, during the inspection of a merchant ship delivering port cranes, counterintelligence services discover intelligence-gathering equipment on the ship.\nNo details were uncovered on the type of equipment, its location or potential capacities.", "url": "https://www.m-cert.fr/admiral/2021_073.html", "date_published": "Tue, 14 Sep 2021 22:00:00 -0000" }, { "id": "2022_001", "title": "6/1/2022 - Fishing - Virus/Ransomware (IT)", "content_html": "A company working in the fishing sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_001.html", "date_published": "Wed, 05 Jan 2022 23:00:00 -0000" }, { "id": "2022_002", "title": "7/1/2022 - Port - Virus/Ransomware (US)", "content_html": "A port authority is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_002.html", "date_published": "Thu, 06 Jan 2022 23:00:00 -0000" }, { "id": "2022_003", "title": "11/1/2022 - Logistics - Virus/Ransomware (IT)", "content_html": "A logistics company working - amongst others - in the maritime domain is hit by a cyber attack.", "url": "https://www.m-cert.fr/admiral/2022_003.html", "date_published": "Mon, 10 Jan 2022 23:00:00 -0000" }, { "id": "2022_004", "title": "14/1/2022 - Administration - Intrusion (UA)", "content_html": "The website of a maritime administration is hit by a cyber attack.", "url": "https://www.m-cert.fr/admiral/2022_004.html", "date_published": "Thu, 13 Jan 2022 23:00:00 -0000" }, { "id": "2022_005", "title": "15/1/2022 - Administration - Denial of service (KP)", "content_html": "A maritime administration is targeted by a denial of service attack.", "url": "https://www.m-cert.fr/admiral/2022_005.html", "date_published": "Fri, 14 Jan 2022 23:00:00 -0000" }, { "id": "2022_006", "title": "28/1/2022 - Shipowner - Intrusion (FR)", "content_html": "A transportation company is victim of intrusion attempts.", "url": "https://www.m-cert.fr/admiral/2022_006.html", "date_published": "Thu, 27 Jan 2022 23:00:00 -0000" }, { "id": "2022_007", "title": "28/1/2022 - Industry - Virus/Ransomware (BE)", "content_html": "A company working in the oil and gas sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_007.html", "date_published": "Thu, 27 Jan 2022 23:00:00 -0000" }, { "id": "2022_008", "title": "29/1/2022 - Industry - Virus/Ransomware (DE)", "content_html": "A company working in the oil and gas sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_008.html", "date_published": "Fri, 28 Jan 2022 23:00:00 -0000" }, { "id": "2022_009", "title": "1/2/2022 - Shipyard - Intrusion (IL)", "content_html": "A shipyard is victim of an intrusion.", "url": "https://www.m-cert.fr/admiral/2022_009.html", "date_published": "Mon, 31 Jan 2022 23:00:00 -0000" }, { "id": "2022_010", "title": "5/2/2022 - Logistics - Virus/Ransomware (US)", "content_html": "A multimodal transport company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_010.html", "date_published": "Fri, 04 Feb 2022 23:00:00 -0000" }, { "id": "2022_011", "title": "5/2/2022 - Industry - Virus/Ransomware (VN)", "content_html": "An oil company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_011.html", "date_published": "Fri, 04 Feb 2022 23:00:00 -0000" }, { "id": "2022_012", "title": "7/2/2022 - Shipowner - Intrusion (GB)", "content_html": "A ferry company is victim of an intrusion. Personal data leak.", "url": "https://www.m-cert.fr/admiral/2022_012.html", "date_published": "Sun, 06 Feb 2022 23:00:00 -0000" }, { "id": "2022_013", "title": "9/2/2022 - Industry - Virus/Ransomware (VN)", "content_html": "A company working in the oil and gas sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_013.html", "date_published": "Tue, 08 Feb 2022 23:00:00 -0000" }, { "id": "2022_014", "title": "14/2/2022 - Industry - Virus/Ransomware (DE)", "content_html": "A maritime engineering company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_014.html", "date_published": "Sun, 13 Feb 2022 23:00:00 -0000" }, { "id": "2022_015", "title": "20/2/2022 - Shipowner - Virus/Ransomware (GB)", "content_html": "A luxury cruising company is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_015.html", "date_published": "Sat, 19 Feb 2022 23:00:00 -0000" }, { "id": "2022_016", "title": "20/2/2022 - Logistics - Virus/Ransomware (US)", "content_html": "A worldwide logistics company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_016.html", "date_published": "Sat, 19 Feb 2022 23:00:00 -0000" }, { "id": "2022_017", "title": "21/2/2022 - Shipyard - Virus/Ransomware (KR)", "content_html": "A shipyard is hit by a cyberattack.", "url": "https://www.m-cert.fr/admiral/2022_017.html", "date_published": "Sun, 20 Feb 2022 23:00:00 -0000" }, { "id": "2022_018", "title": "21/2/2022 - Port - Virus/Ransomware (IN)", "content_html": "A port is targeted by a cyberattack. Ships are diverted from this destination to compensate for the slowdown in the port.", "url": "https://www.m-cert.fr/admiral/2022_018.html", "date_published": "Sun, 20 Feb 2022 23:00:00 -0000" }, { "id": "2022_019", "title": "23/2/2022 - Port - Data leak (IL)", "content_html": "The victims, two major ports, Ashdod and Haifa, were targeted by Iran's Islamic Revolutionary Guard Corps (IRGC) during an attack. The attacker broadcasted videos captured from security cameras at these sites. Along with the footage, which depicted entry gates, office settings, and workers, the IRGC also released personal details, identification documents, and other sensitive information about hundreds of port staff on its Telegram app channel.\nAccording to sources, Iranian hackers affiliated with the IRGC claimed responsibility for the data acquisition. However, representatives from both Israeli ports have countered these claims, emphasizing that the displayed footage and data were not directly extracted from their security apparatus. Instead, they believe the information was sourced from a third-party company that previously managed camera operations at the ports. They further underscored that the showcased videos were outdated. How the hackers obtained detailed information about the port employees remains unclear.\nThis attack follows an alleged cyberattack on Iran's Shahid Rajaee port, purportedly initiated by Israel, sources report, on May 9, 2020.", "url": "https://www.m-cert.fr/admiral/2022_019.html", "date_published": "Tue, 22 Feb 2022 23:00:00 -0000" }, { "id": "2022_020", "title": "24/2/2022 - MRE - Intrusion (US)", "content_html": "An cyberattack on the ground segment of a satellite communication companyleads to the loss of the remote monitoring of several thousands windurbines - some being offshore.", "url": "https://www.m-cert.fr/admiral/2022_020.html", "date_published": "Wed, 23 Feb 2022 23:00:00 -0000" }, { "id": "2022_021", "title": "26/2/2022 - Ship - GPS/AIS jamming/spoofing (UA)", "content_html": "Several cases of AIS spoofing in the context of the Russian/Ukraine conflict. Probably achieved out of the RF spectrum (ie on the API of certain AIS fusion web portals).", "url": "https://www.m-cert.fr/admiral/2022_021.html", "date_published": "Fri, 25 Feb 2022 23:00:00 -0000" }, { "id": "2022_022", "title": "28/2/2022 - Manufacturer - Virus/Ransomware (US)", "content_html": "According to sources, a marine construction company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_022.html", "date_published": "Sun, 27 Feb 2022 23:00:00 -0000" }, { "id": "2022_023", "title": "7/3/2022 - Shipowner - Spearphishing (DE)", "content_html": "The website of a shipowner is counterfeit to operate spear phishing activities.", "url": "https://www.m-cert.fr/admiral/2022_023.html", "date_published": "Sun, 06 Mar 2022 23:00:00 -0000" }, { "id": "2022_024", "title": "18/3/2022 - Logistics - Virus/Ransomware (LB)", "content_html": "A multimodal transport company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_024.html", "date_published": "Thu, 17 Mar 2022 23:00:00 -0000" }, { "id": "2022_025", "title": "25/3/2022 - Port - Spearphishing (US)", "content_html": "Several websites of the US Maritime Transportation System are spoofed in order to operate cyberattacks on customers.", "url": "https://www.m-cert.fr/admiral/2022_025.html", "date_published": "Thu, 24 Mar 2022 23:00:00 -0000" }, { "id": "2022_026", "title": "31/3/2022 - MRE - Virus/Ransomware (DE)", "content_html": "A MRE specialized company is hit by a ransomware cyber attack.", "url": "https://www.m-cert.fr/admiral/2022_026.html", "date_published": "Wed, 30 Mar 2022 22:00:00 -0000" }, { "id": "2022_027", "title": "31/3/2022 - Shipowner - Virus/Ransomware (GB)", "content_html": "A company specialized in the rental of luxury yachts is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_027.html", "date_published": "Wed, 30 Mar 2022 22:00:00 -0000" }, { "id": "2022_028", "title": "13/4/2022 - Undersea cable - Intrusion (US)", "content_html": "A telecommunications company operating a submarine cable is victim of a computer attack on the cable's management infrastructure.", "url": "https://www.m-cert.fr/admiral/2022_028.html", "date_published": "Tue, 12 Apr 2022 22:00:00 -0000" }, { "id": "2022_029", "title": "14/4/2022 - Port - Virus/Ransomware (OM)", "content_html": "A port is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_029.html", "date_published": "Wed, 13 Apr 2022 22:00:00 -0000" }, { "id": "2022_030", "title": "15/4/2022 - Port - Virus/Ransomware (IQ)", "content_html": "A multimodal port is targeted by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_030.html", "date_published": "Thu, 14 Apr 2022 22:00:00 -0000" }, { "id": "2022_031", "title": "17/4/2022 - Shipowner - Virus/Ransomware (GB)", "content_html": "A ferry company is hit by a cyberattack.", "url": "https://www.m-cert.fr/admiral/2022_031.html", "date_published": "Sat, 16 Apr 2022 22:00:00 -0000" }, { "id": "2022_032", "title": "19/4/2022 - Insurer - Scam (GB)", "content_html": "According to sources, the victim was deceived into transferring funds into a fabricated bank account under the impression that it belonged to the victim. The club has emphasized that such occurrences of cyber fraud targeting them are rare.\n\nDue to this incident, members were alerted to exercise caution regarding potential cyber fraud. Members were also reminded to cross-check any changes in banking details with their regular contact at the victim's office.", "url": "https://www.m-cert.fr/admiral/2022_032.html", "date_published": "Mon, 18 Apr 2022 22:00:00 -0000" }, { "id": "2022_033", "title": "20/4/2022 - Shipowner - Virus/Ransomware (GR)", "content_html": "A shipping compagny is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_033.html", "date_published": "Tue, 19 Apr 2022 22:00:00 -0000" }, { "id": "2022_034", "title": "23/4/2022 - MRE - Virus/Ransomware (DE)", "content_html": "A compagny working in the on shore and offshore windturbines market is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_034.html", "date_published": "Fri, 22 Apr 2022 22:00:00 -0000" }, { "id": "2022_035", "title": "26/4/2022 - Industry - Virus/Ransomware (PE)", "content_html": "An industry company working on maritime pier construction is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_035.html", "date_published": "Mon, 25 Apr 2022 22:00:00 -0000" }, { "id": "2022_036", "title": "27/4/2022 - Shipowner - Virus/Ransomware (GR)", "content_html": "A shipowner working in the ferry industry is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_036.html", "date_published": "Tue, 26 Apr 2022 22:00:00 -0000" }, { "id": "2022_037", "title": "29/4/2022 - Industry - Virus/Ransomware (US)", "content_html": "An industry company working for the maritime sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_037.html", "date_published": "Thu, 28 Apr 2022 22:00:00 -0000" }, { "id": "2022_038", "title": "10/5/2022 - Fishing - Virus/Ransomware (US)", "content_html": "A fishery company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_038.html", "date_published": "Mon, 09 May 2022 22:00:00 -0000" }, { "id": "2022_039", "title": "13/5/2022 - Industry - Virus/Ransomware (US)", "content_html": "A company working in the manufacturing and sale of marine equipment is victim of a ransomware attack", "url": "https://www.m-cert.fr/admiral/2022_039.html", "date_published": "Thu, 12 May 2022 22:00:00 -0000" }, { "id": "2022_040", "title": "21/5/2022 - Logistics - Virus/Ransomware (TW)", "content_html": "A multimodal logistics company is hit by a ransomware attack. Data leak.", "url": "https://www.m-cert.fr/admiral/2022_040.html", "date_published": "Fri, 20 May 2022 22:00:00 -0000" }, { "id": "2022_041", "title": "23/5/2022 - Fluvial - Denial of service (GB)", "content_html": "The Internet website of a fluvial port is hit by a DDoS attack.", "url": "https://www.m-cert.fr/admiral/2022_041.html", "date_published": "Sun, 22 May 2022 22:00:00 -0000" }, { "id": "2022_042", "title": "24/5/2022 - Administration - Data leak (CY)", "content_html": "A database containing the affiliates of a political body related to the maritime world is sold online.", "url": "https://www.m-cert.fr/admiral/2022_042.html", "date_published": "Mon, 23 May 2022 22:00:00 -0000" }, { "id": "2022_043", "title": "1/6/2022 - Fishing - Data leak (JP)", "content_html": "A fishery cooperative's customer information have been leaked due to an infection by the Emotet malware.", "url": "https://www.m-cert.fr/admiral/2022_043.html", "date_published": "Tue, 31 May 2022 22:00:00 -0000" }, { "id": "2022_044", "title": "2/6/2022 - Port - Denial of service (IT)", "content_html": "Several web applications of ports are targeted by a DDoS attack.", "url": "https://www.m-cert.fr/admiral/2022_044.html", "date_published": "Wed, 01 Jun 2022 22:00:00 -0000" }, { "id": "2022_045", "title": "3/6/2022 - Logistics - Virus/Ransomware (US)", "content_html": "A multimodal logistics company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_045.html", "date_published": "Thu, 02 Jun 2022 22:00:00 -0000" }, { "id": "2022_046", "title": "4/6/2022 - Logistics - Virus/Ransomware (JP)", "content_html": "A freight forwarding company is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_046.html", "date_published": "Fri, 03 Jun 2022 22:00:00 -0000" }, { "id": "2022_047", "title": "6/6/2022 - Logistics - Virus/Ransomware (ID)", "content_html": "A logistics company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_047.html", "date_published": "Sun, 05 Jun 2022 22:00:00 -0000" }, { "id": "2022_048", "title": "10/6/2022 - Logistics - Virus/Ransomware (CY)", "content_html": "A maritime freight company is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_048.html", "date_published": "Thu, 09 Jun 2022 22:00:00 -0000" }, { "id": "2022_049", "title": "12/6/2022 - Industry - Virus/Ransomware (US)", "content_html": "A company working in the oil and gas sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_049.html", "date_published": "Sat, 11 Jun 2022 22:00:00 -0000" }, { "id": "2022_050", "title": "14/6/2022 - Industry - Virus/Ransomware (ID)", "content_html": "A company working in the oil and gas sector is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_050.html", "date_published": "Mon, 13 Jun 2022 22:00:00 -0000" }, { "id": "2022_051", "title": "24/6/2022 - Shipowner - Virus/Ransomware (LT)", "content_html": "A ferry company is hit by a cyberattack.", "url": "https://www.m-cert.fr/admiral/2022_051.html", "date_published": "Thu, 23 Jun 2022 22:00:00 -0000" }, { "id": "2022_052", "title": "28/6/2022 - Port - Data leak (TW)", "content_html": "Database on ships and their load transiting through a Taiwanese port is published.", "url": "https://www.m-cert.fr/admiral/2022_052.html", "date_published": "Mon, 27 Jun 2022 22:00:00 -0000" }, { "id": "2022_053", "title": "29/6/2022 - Logistics - Virus/Ransomware (TR)", "content_html": "A maritime freight company is hit by a cyberattack.", "url": "https://www.m-cert.fr/admiral/2022_053.html", "date_published": "Tue, 28 Jun 2022 22:00:00 -0000" }, { "id": "2022_054", "title": "29/6/2022 - Industry - Virus/Ransomware (US)", "content_html": "A company providing solutions for the submarine and oceanographic and defence industries is hit by a cyberattack.", "url": "https://www.m-cert.fr/admiral/2022_054.html", "date_published": "Tue, 28 Jun 2022 22:00:00 -0000" }, { "id": "2022_055", "title": "29/6/2022 - Logistics - Virus/Ransomware (IN)", "content_html": "Shipping solution company hit by cyberattack.", "url": "https://www.m-cert.fr/admiral/2022_055.html", "date_published": "Tue, 28 Jun 2022 22:00:00 -0000" }, { "id": "2022_056", "title": "30/6/2022 - Offshore - Phishing (AU)", "content_html": "Phishing campaign from April to June targets offshore windfarms operators.", "url": "https://www.m-cert.fr/admiral/2022_056.html", "date_published": "Wed, 29 Jun 2022 22:00:00 -0000" }, { "id": "2022_057", "title": "2/7/2022 - Logistics - Virus/Ransomware (US)", "content_html": "A multimodal logistics company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_057.html", "date_published": "Fri, 01 Jul 2022 22:00:00 -0000" }, { "id": "2022_058", "title": "4/7/2022 - Organisation - Website Compromission (FR)", "content_html": "The website of a non profit organisation linked to the naval sector is compromised.", "url": "https://www.m-cert.fr/admiral/2022_058.html", "date_published": "Sun, 03 Jul 2022 22:00:00 -0000" }, { "id": "2022_059", "title": "4/7/2022 - Shipowner - Virus/Ransomware (GB)", "content_html": "A ferry company is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_059.html", "date_published": "Sun, 03 Jul 2022 22:00:00 -0000" }, { "id": "2022_060", "title": "6/7/2022 - Industry - Virus/Ransomware (FR)", "content_html": "A supplying company for port and naval sector is hit by a ransomware attack. Data leak.", "url": "https://www.m-cert.fr/admiral/2022_060.html", "date_published": "Tue, 05 Jul 2022 22:00:00 -0000" }, { "id": "2022_061", "title": "11/7/2022 - Ship - Data leak (TR)", "content_html": "A company working in the maritime satellite telecommunication ecosystem is hit by a ransomware threat actor. Data leak", "url": "https://www.m-cert.fr/admiral/2022_061.html", "date_published": "Sun, 10 Jul 2022 22:00:00 -0000" }, { "id": "2022_062", "title": "14/7/2022 - Shipowner - Virus/Ransomware (US)", "content_html": "A shipowner of barges and tugs is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_062.html", "date_published": "Wed, 13 Jul 2022 22:00:00 -0000" }, { "id": "2022_063", "title": "22/7/2022 - Logistics - Virus/Ransomware (FI)", "content_html": "An important manufacturer of electric - electronic - IT and OT equipment for the maritime sector is hit by a ransomware attack. Data leak.", "url": "https://www.m-cert.fr/admiral/2022_063.html", "date_published": "Thu, 21 Jul 2022 22:00:00 -0000" }, { "id": "2022_064", "title": "22/7/2022 - Education - Virus/Ransomware (PH)", "content_html": "A maritime academy is hit by a ransomware attack. Database leaked is seen on sale the following days.", "url": "https://www.m-cert.fr/admiral/2022_064.html", "date_published": "Thu, 21 Jul 2022 22:00:00 -0000" }, { "id": "2022_065", "title": "1/8/2022 - Defence - Data leak (IT)", "content_html": "A company working in the missile industry for the maritime sector is concerned by a data leak relative to possible sensitive documents saved on a hard drive.", "url": "https://www.m-cert.fr/admiral/2022_065.html", "date_published": "Sun, 31 Jul 2022 22:00:00 -0000" }, { "id": "2022_066", "title": "6/8/2022 - Logistics - Virus/Ransomware (BG)", "content_html": "A freight transport company is hit by a ransomware", "url": "https://www.m-cert.fr/admiral/2022_066.html", "date_published": "Fri, 05 Aug 2022 22:00:00 -0000" }, { "id": "2022_067", "title": "17/8/2022 - Shipowner - Phishing (IL)", "content_html": "A state actor is said to have targeted shipping industry.", "url": "https://www.m-cert.fr/admiral/2022_067.html", "date_published": "Tue, 16 Aug 2022 22:00:00 -0000" }, { "id": "2022_068", "title": "18/8/2022 - Industry - Data leak (FR)", "content_html": "A company linked to naval defence industry claims to be affected by a data leak.", "url": "https://www.m-cert.fr/admiral/2022_068.html", "date_published": "Wed, 17 Aug 2022 22:00:00 -0000" }, { "id": "2022_069", "title": "25/8/2022 - Logistics - Data leak (SG)", "content_html": "A database concerning an ongoing developped tool is leaked.", "url": "https://www.m-cert.fr/admiral/2022_069.html", "date_published": "Wed, 24 Aug 2022 22:00:00 -0000" }, { "id": "2022_070", "title": "31/8/2022 - Shipyard - Intrusion (SG)", "content_html": "An offshore platform and ship builder detects an intrusion into its IT systems. Personal data leak.", "url": "https://www.m-cert.fr/admiral/2022_070.html", "date_published": "Tue, 30 Aug 2022 22:00:00 -0000" }, { "id": "2022_071", "title": "2/9/2022 - Logistics - Virus/Ransomware (SA)", "content_html": "A multimodal logistics actor is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_071.html", "date_published": "Thu, 01 Sep 2022 22:00:00 -0000" }, { "id": "2022_072", "title": "5/9/2022 - Logistics - Virus/Ransomware (PA)", "content_html": "A multimodal logistics actor is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_072.html", "date_published": "Sun, 04 Sep 2022 22:00:00 -0000" }, { "id": "2022_073", "title": "13/9/2022 - Education - Phishing (CN)", "content_html": "An education and research center claimed to be hit by advanced phishing and intrusion activities.", "url": "https://www.m-cert.fr/admiral/2022_073.html", "date_published": "Mon, 12 Sep 2022 22:00:00 -0000" }, { "id": "2022_074", "title": "15/9/2022 - Port - Virus/Ransomware (SG)", "content_html": "A port actor is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_074.html", "date_published": "Wed, 14 Sep 2022 22:00:00 -0000" }, { "id": "2022_075", "title": "18/9/2022 - Port - Virus/Ransomware (PH)", "content_html": "A port actor working in the Liquefied petroleum gas industry is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_075.html", "date_published": "Sat, 17 Sep 2022 22:00:00 -0000" }, { "id": "2022_077", "title": "3/10/2022 - Shipowner - Data leak (ID)", "content_html": "Ships CCTV pictures are available online.", "url": "https://www.m-cert.fr/admiral/2022_077.html", "date_published": "Sun, 02 Oct 2022 22:00:00 -0000" }, { "id": "2022_078", "title": "4/10/2022 - Industry - Virus/Ransomware (US)", "content_html": "A company working for complex subsea operations is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_078.html", "date_published": "Mon, 03 Oct 2022 22:00:00 -0000" }, { "id": "2022_079", "title": "9/10/2022 - Organisation - Virus/Ransomware (FR)", "content_html": "A conglomerate linked to the maritime world is hit by a ransomware.", "url": "https://www.m-cert.fr/admiral/2022_079.html", "date_published": "Sat, 08 Oct 2022 22:00:00 -0000" }, { "id": "2022_080", "title": "12/10/2022 - Port - Virus/Ransomware (US)", "content_html": "An organisation managing the storage and transfert of vehicles within ports is hit by a ra/nsomware attack.", "url": "https://www.m-cert.fr/admiral/2022_080.html", "date_published": "Tue, 11 Oct 2022 22:00:00 -0000" }, { "id": "2022_081", "title": "15/10/2022 - Port - Denial of service (BG)", "content_html": "Several web applications of ports and maritime administrations are targeted by a DDoS attack.", "url": "https://www.m-cert.fr/admiral/2022_081.html", "date_published": "Fri, 14 Oct 2022 22:00:00 -0000" }, { "id": "2022_082", "title": "4/11/2022 - Logistics - Virus/Ransomware (US)", "content_html": "A port logistic actor is hit by a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2022_082.html", "date_published": "Thu, 03 Nov 2022 23:00:00 -0000" }, { "id": "2022_083", "title": "24/11/2022 - Port - Phishing (FR)", "content_html": "A ports actors association is hit by a phishing campaign.", "url": "https://www.m-cert.fr/admiral/2022_083.html", "date_published": "Wed, 23 Nov 2022 23:00:00 -0000" }, { "id": "2022_084", "title": "17/10/2022 - Port - Virus/Ransomware (NL)", "content_html": "The victim, a multinational port operating entity headquartered in The Hague, Netherlands, operates 74 port and terminal facilities in 40 countries. According to sources, on 17 October, its Guatemalan subsidiary was victim of a ransomware attack. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of the Hive ransomware group, which later proclaimed responsibility.\n\nThe encryption of company systems was claimed on 7th of November. However, the extent of encrypted data and any subsequent discussions with the organization remain undisclosed.", "url": "https://www.m-cert.fr/admiral/2022_084.html", "date_published": "Sun, 16 Oct 2022 22:00:00 -0000" }, { "id": "2022_085", "title": "2/12/2022 - IT Services - Undisclosed (SG)", "content_html": "A fleet tracking software provider is hit by a cyber attack and its cloud service is disrupted.", "url": "https://www.m-cert.fr/admiral/2022_085.html", "date_published": "Thu, 01 Dec 2022 23:00:00 -0000" }, { "id": "2022_086", "title": "20/12/2022 - Shipyard - Undisclosed (DE)", "content_html": "The head-branch of a naval shipyard and marine material company is hit by a cyber attack.", "url": "https://www.m-cert.fr/admiral/2022_086.html", "date_published": "Mon, 19 Dec 2022 23:00:00 -0000" }, { "id": "2022_087", "title": "26/12/2022 - Port - Virus/Ransomware (PT)", "content_html": "The victim, a crucial hub of maritime activity in Portugal's capital and one of Europe's most accessed ports, experienced a cyberattack on Christmas Day. This port plays a strategic role, with over 3,500 vessel calls and managing more than 13.4 million tons of cargo annually.\n\nAccording to sources, the port was victim of a ransomware attack that day. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of the LockBit ransomware group.\n\nThe attack did not affect the port's operations but led to the shutdown of its website and internal systems. The attacking group has threatened to release a vast array of the port’s confidential data unless their ransom demands are met, claiming to possess sensitive information such as financial reports, audits, contracts, and personal data.", "url": "https://www.m-cert.fr/admiral/2022_087.html", "date_published": "Sun, 25 Dec 2022 23:00:00 -0000" }, { "id": "2022_088", "title": "6/9/2022 - Port - Denial of service (JP)", "content_html": "Pro-Russia hackers have claimed responsibility for launching distributed denial of service (DDoS) attacks on Japanese government and company websites. The attacks, claimed by the group were described by the attacking group as a "declaration of war on the Japanese national government". They temporarily impacted various government websites, including the Nagoya Port Authority's site, which was down for about 40 minutes.", "url": "https://www.m-cert.fr/admiral/2022_088.html", "date_published": "Mon, 05 Sep 2022 22:00:00 -0000" }, { "id": "2023_001", "title": "7/1/2023 - IT Services - Virus/Ransomware (NO)", "content_html": "The victim, a prominent classification society, is also known for its marine fleet management software.\n\nAccording to sources, on January 7th, the servers of its fleet management software were shut down, following a ransomware attack. Following the attack, the server environment underwent extensive rebuilding. The affected servers were sequestered from the broader IT infrastructure, with a subsequent forensic investigation.\n\nConsequently, about 70 customers and approximately 1,000 vessels using the service were impacted by the disruption (it is wrong to say that 1,000 vessels were targeted by the ransomware attack, as can be sometimes read. Communications have been ongoing with these affected parties.", "url": "https://www.m-cert.fr/admiral/2023_001.html", "date_published": "Fri, 06 Jan 2023 23:00:00 -0000" }, { "id": "2023_002", "title": "9/2/2023 - Organisation - Spearphishing (PK)", "content_html": "According to the source, a previously unknown threat actor has emerged, targeting organizations in Pakistan through a sophisticated payload delivery method. The attacker capitalized on an international naval conference to deceive potential victims.\n\nThe attacker initiated their campaign by sending targeted phishing emails containing a weaponized document masquerading as an exhibitor manual for the conference. This document employed a remote template injection technique and embedded malicious Visual Basic for Applications (VBA) macro code to execute the next stage of the attack, ultimately leading to the final payload.\n\nThe final payload was an advanced espionage tool encrypted using XOR encryption with a unique "penguin" encryption key. Notably, the content-disposition response header name parameter is set to "getlatestnews" during the HTTP response. Consequently, this threat actor has been named NewsPenguin.", "url": "https://www.m-cert.fr/admiral/2023_002.html", "date_published": "Wed, 08 Feb 2023 23:00:00 -0000" }, { "id": "2023_003", "title": "5/2/2023 - IT Services - Virus/Ransomware (FR)", "content_html": "A Distributed Denial of Service (DDoS) attack targeted a cloud service provider, impacting an maritime IT services company hosting its services on the targeted servers.", "url": "https://www.m-cert.fr/admiral/2023_003.html", "date_published": "Sat, 04 Feb 2023 23:00:00 -0000" }, { "id": "2023_004", "title": "15/2/2023 - Offshore - Virus/Ransomware (NO)", "content_html": "A Norwegian offshore engineering contractor reported a cyberattack on its subsidiary in Brazil. The subsidiary provides maintenance and modification services for offshore oil and gas installations. The attack impacted the subsidiary's IT systems, and the group worked to contain and neutralize the threat. The full extent of the breach was to be determined, and the company was in dialogue with Brazilian authorities regarding the incident.\nThe attackers claim to have gained access to the IT systems, encrypted digital files, and locked access to data. The company currently has no indications that other parts of its IT systems were infected.", "url": "https://www.m-cert.fr/admiral/2023_004.html", "date_published": "Tue, 14 Feb 2023 23:00:00 -0000" }, { "id": "2023_005", "title": "21/2/2023 - Defence - Denial of service (FR)", "content_html": "A collective of Russian hacktivists launched cyberattacks on several state websites during Vladimir Putin's annual speech. The targeted sites included adminitrations, open data access platforms and a defense naval industry group. The attacks used distributed denial of service (DDoS) tactics, overwhelming the sites with simultaneous connection requests. While these attacks caused temporary outages, they had no serious consequences.\n\nThe hacktivists' actions appear to be symbolic, targeting random state platforms until they find one with weaker security measures. They boasted about their activities on social media..", "url": "https://www.m-cert.fr/admiral/2023_005.html", "date_published": "Mon, 20 Feb 2023 23:00:00 -0000" }, { "id": "2023_006", "title": "24/2/2023 - Defence - Virus/Ransomware (FR)", "content_html": "The victim was hit by a ransomware attack. Few details were made public.", "url": "https://www.m-cert.fr/admiral/2023_006.html", "date_published": "Thu, 23 Feb 2023 23:00:00 -0000" }, { "id": "2023_007", "title": "7/3/2023 - Logistics - Denial of service (LT)", "content_html": "A pro-Russian threat actor target the victim, a logistics and transportation company. According to the source, the website disruption forced the company's portal offline, causing significant interference in its operations.", "url": "https://www.m-cert.fr/admiral/2023_007.html", "date_published": "Mon, 06 Mar 2023 23:00:00 -0000" }, { "id": "2023_008", "title": "6/3/2023 - IT Services - Virus/Ransomware (NL)", "content_html": "A company specialized in vessel monitoring services is facing a data leak risk after a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_008.html", "date_published": "Sun, 05 Mar 2023 23:00:00 -0000" }, { "id": "2023_011", "title": "6/3/2023 - Administration - Intrusion (AU)", "content_html": "According to sources, the victim faced an internal cyberattack in which a 23-year-old individual, who was reportedly an IT support worker for a third-party contractor for the museum, accessed financial records and systems. The attacker manipulated the account payable system, replacing the information with his own and conducting multiple unauthorized purchases. Suspicion arose when discrepancies were detected in financial data provided to contracted companies. After engaging independent forensics experts, the museum discovered anomalies and reported the incident to the police.\nThe suspect's involvement in the attack was traced, leading to his arrest and the seizure of electronic items. The attacker would have redirected around $90,000 as part of the cybercrime.", "url": "https://www.m-cert.fr/admiral/2023_011.html", "date_published": "Sun, 05 Mar 2023 23:00:00 -0000" }, { "id": "2023_012", "title": "7/3/2023 - Defence - Denial of service (DE)", "content_html": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_012.html", "date_published": "Mon, 06 Mar 2023 23:00:00 -0000" }, { "id": "2023_013", "title": "15/3/2023 - Defence - Human error (FR)", "content_html": "A major player in the Defence and Naval sector is victim of a leak of confidential data following a configuration error.", "url": "https://www.m-cert.fr/admiral/2023_013.html", "date_published": "Tue, 14 Mar 2023 23:00:00 -0000" }, { "id": "2023_014", "title": "18/3/2023 - Shipowner - Denial of service (DK)", "content_html": "A hacktivist group leaks data, claiming they belong to a container shipping company.", "url": "https://www.m-cert.fr/admiral/2023_014.html", "date_published": "Fri, 17 Mar 2023 23:00:00 -0000" }, { "id": "2023_015", "title": "20/3/2023 - MRE - Virus/Ransomware (DE)", "content_html": "An engineering company operating in the field of renewable marine energies is threatened with data leaks following a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_015.html", "date_published": "Sun, 19 Mar 2023 23:00:00 -0000" }, { "id": "2023_016", "title": "21/3/2023 - Industry - Denial of service (AU)", "content_html": "A company specialized in underwater work and work on port is victim of a distributed denial of service attack in response to the use of clothing deemed insulting during the Melbourne fashion show.", "url": "https://www.m-cert.fr/admiral/2023_016.html", "date_published": "Mon, 20 Mar 2023 23:00:00 -0000" }, { "id": "2023_017", "title": "21/3/2023 - Port - Denial of service (AU)", "content_html": "A port is victim of distributed denial of service attack in response to the use of garment deemed insulting at Melbourne fashion show.", "url": "https://www.m-cert.fr/admiral/2023_017.html", "date_published": "Mon, 20 Mar 2023 23:00:00 -0000" }, { "id": "2023_018", "title": "21/3/2023 - Port - Denial of service (AU)", "content_html": "Port management company of Bunbury and Esperance suffers distributed denial of service attack in response to the use of garment deemed insulting at Melbourne fashion show.", "url": "https://www.m-cert.fr/admiral/2023_018.html", "date_published": "Mon, 20 Mar 2023 23:00:00 -0000" }, { "id": "2023_019", "title": "21/3/2023 - Port - Denial of service (AU)", "content_html": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_019.html", "date_published": "Mon, 20 Mar 2023 23:00:00 -0000" }, { "id": "2023_020", "title": "21/3/2023 - Port - Denial of service (AU)", "content_html": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_020.html", "date_published": "Mon, 20 Mar 2023 23:00:00 -0000" }, { "id": "2023_021", "title": "21/3/2023 - Port - Denial of service (AU)", "content_html": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_021.html", "date_published": "Mon, 20 Mar 2023 23:00:00 -0000" }, { "id": "2023_022", "title": "21/3/2023 - Port - Denial of service (AU)", "content_html": "The victim is targeted by a Distributed Denial of Service cyber attack by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_022.html", "date_published": "Mon, 20 Mar 2023 23:00:00 -0000" }, { "id": "2023_023", "title": "22/3/2023 - Administration - Denial of service (IT)", "content_html": "The Ministry of Transport, as well as the transport regulatory authority are targeted by a distributed denial of service attack.", "url": "https://www.m-cert.fr/admiral/2023_023.html", "date_published": "Tue, 21 Mar 2023 23:00:00 -0000" }, { "id": "2023_024", "title": "23/3/2023 - Port - Denial of service (AU)", "content_html": "A port suffers from a distributed denial of service attack in response to use of garment deemed offensive at Melbourne fashion show.", "url": "https://www.m-cert.fr/admiral/2023_024.html", "date_published": "Wed, 22 Mar 2023 23:00:00 -0000" }, { "id": "2023_025", "title": "23/3/2023 - Shipyard - Virus/Ransomware (AE)", "content_html": "A shipbuilding company falls victim to ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_025.html", "date_published": "Wed, 22 Mar 2023 23:00:00 -0000" }, { "id": "2023_026", "title": "24/3/2023 - Defence - Virus/Ransomware (FR)", "content_html": "A specialist in data processing software solutions, particularly established in the field of defence, is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_026.html", "date_published": "Thu, 23 Mar 2023 23:00:00 -0000" }, { "id": "2023_027", "title": "31/3/2023 - Port - Denial of service (IL)", "content_html": "A port is victim of a distributed denial of service attack, perpetrated by a Muslim hacktivist movement.", "url": "https://www.m-cert.fr/admiral/2023_027.html", "date_published": "Thu, 30 Mar 2023 22:00:00 -0000" }, { "id": "2023_028", "title": "31/3/2023 - Port - Denial of service (IL)", "content_html": "A port is victim of a distributed denial of service attack, perpetrated by a Muslim hacktivist movement.", "url": "https://www.m-cert.fr/admiral/2023_028.html", "date_published": "Thu, 30 Mar 2023 22:00:00 -0000" }, { "id": "2023_029", "title": "9/4/2023 - Administration - Intrusion (SD)", "content_html": "The national Ports Authority is threatened of data leak following an attack carried out by a hacktivist group of Indian origin, in response to attacks carried out by Anonymous Sudan on Indian infrastructures.", "url": "https://www.m-cert.fr/admiral/2023_029.html", "date_published": "Sat, 08 Apr 2023 22:00:00 -0000" }, { "id": "2023_030", "title": "9/4/2023 - Administration - Denial of service (DE)", "content_html": "The Ministry of Transport and Digital Infrastructure is victim of a distributed denial of service attack.", "url": "https://www.m-cert.fr/admiral/2023_030.html", "date_published": "Sat, 08 Apr 2023 22:00:00 -0000" }, { "id": "2023_031", "title": "11/4/2023 - Port - Denial of service (CA)", "content_html": "A port is victim of a distributed denial of service attack, provoked by a pro-Russian hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_031.html", "date_published": "Mon, 10 Apr 2023 22:00:00 -0000" }, { "id": "2023_032", "title": "12/4/2023 - Defence - Virus/Ransomware (US)", "content_html": "A shipyard specializing in the Defence sector is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_032.html", "date_published": "Tue, 11 Apr 2023 22:00:00 -0000" }, { "id": "2023_033", "title": "12/4/2023 - Shipyard - Virus/Ransomware (DE)", "content_html": "A shipbuilder specializing in luxury yachts is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_033.html", "date_published": "Tue, 11 Apr 2023 22:00:00 -0000" }, { "id": "2023_034", "title": "12/4/2023 - Port - Denial of service (CA)", "content_html": "A port is victim of a distributed denial of service attack, provoked by a pro-Russian hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_034.html", "date_published": "Tue, 11 Apr 2023 22:00:00 -0000" }, { "id": "2023_035", "title": "12/4/2023 - Port - Denial of service (CA)", "content_html": "A port is victim of a distributed denial of service attack, provoked by a pro-Russian hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_035.html", "date_published": "Tue, 11 Apr 2023 22:00:00 -0000" }, { "id": "2023_036", "title": "12/4/2023 - Shipyard - Virus/Ransomware (DE)", "content_html": "A shipbuilder specializing in luxury yachts is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_036.html", "date_published": "Tue, 11 Apr 2023 22:00:00 -0000" }, { "id": "2023_037", "title": "12/4/2023 - Port - Denial of service (CA)", "content_html": "A port is victim of a distributed denial of service attack, provoked by a pro-Russian hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_037.html", "date_published": "Tue, 11 Apr 2023 22:00:00 -0000" }, { "id": "2023_038", "title": "13/4/2023 - Port - Denial of service (CA)", "content_html": "A port is victim of a distributed denial of service attack, provoked by a pro-Russian hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_038.html", "date_published": "Wed, 12 Apr 2023 22:00:00 -0000" }, { "id": "2023_039", "title": "15/4/2023 - Port - Denial of service (CA)", "content_html": "A port is victim of a distributed denial of service attack, provoked by a pro-Russian hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_039.html", "date_published": "Fri, 14 Apr 2023 22:00:00 -0000" }, { "id": "2023_040", "title": "16/4/2023 - Port - Denial of service (CA)", "content_html": "A port is victim of a distributed denial of service attack, provoked by a pro-Russian hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_040.html", "date_published": "Sat, 15 Apr 2023 22:00:00 -0000" }, { "id": "2023_041", "title": "17/4/2023 - Industry - Virus/Ransomware (FR)", "content_html": "A design office specializing in water-related fields is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_041.html", "date_published": "Sun, 16 Apr 2023 22:00:00 -0000" }, { "id": "2023_043", "title": "23/4/2023 - Administration - Denial of service (CA)", "content_html": "The Transportation Regulator suffers Distributed Denial of Service Attack blamed on hacktivist movement.", "url": "https://www.m-cert.fr/admiral/2023_043.html", "date_published": "Sat, 22 Apr 2023 22:00:00 -0000" }, { "id": "2023_045", "title": "26/4/2023 - Port - Denial of service (IL)", "content_html": "A company responsible for managing all the Israeli ports is victim of a distributed denial of service attack attributed to a hacktivist movement.", "url": "https://www.m-cert.fr/admiral/2023_045.html", "date_published": "Tue, 25 Apr 2023 22:00:00 -0000" }, { "id": "2023_046", "title": "26/4/2023 - Port - Denial of service (IL)", "content_html": "A port is victim of a distributed denial of service attack attributed to a hacktivist movement.", "url": "https://www.m-cert.fr/admiral/2023_046.html", "date_published": "Tue, 25 Apr 2023 22:00:00 -0000" }, { "id": "2023_047", "title": "14/4/2023 - Defence - Virus/Ransomware (DE)", "content_html": "A company operating in the Defence sector is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_047.html", "date_published": "Thu, 13 Apr 2023 22:00:00 -0000" }, { "id": "2023_048", "title": "18/4/2023 - Shipping - Waterholing Attack (IL)", "content_html": "The website of a logistics company is compromised and used in the context of a waterholing attack carried out by a reputed Iranian state actor.", "url": "https://www.m-cert.fr/admiral/2023_048.html", "date_published": "Mon, 17 Apr 2023 22:00:00 -0000" }, { "id": "2023_049", "title": "18/4/2023 - Shipping - Waterholing Attack (IL)", "content_html": "A shipping company's website is compromised and used in an attack in the context of a waterholing attack carried out by a reputed Iranian state actor.", "url": "https://www.m-cert.fr/admiral/2023_049.html", "date_published": "Mon, 17 Apr 2023 22:00:00 -0000" }, { "id": "2023_050", "title": "18/4/2023 - Logistics - Waterholing Attack (IL)", "content_html": "The website of a logistics company is compromised and used in the context of a waterholing attack carried out by a reputed Iranian state actor.", "url": "https://www.m-cert.fr/admiral/2023_050.html", "date_published": "Mon, 17 Apr 2023 22:00:00 -0000" }, { "id": "2023_051", "title": "18/4/2023 - Defence - Intrusion (US)", "content_html": "A shipbuilding company in the defence sector is victim of data theft following a computer intrusion.", "url": "https://www.m-cert.fr/admiral/2023_051.html", "date_published": "Mon, 17 Apr 2023 22:00:00 -0000" }, { "id": "2023_052", "title": "29/4/2023 - Defence - Denial of service (IL)", "content_html": "An equipment manufacturer specializing in the field of defence is victim of a denial of service attack carried out by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_052.html", "date_published": "Fri, 28 Apr 2023 22:00:00 -0000" }, { "id": "2023_053", "title": "1/5/2023 - Port - Denial of service (IL)", "content_html": "The website of a port is victim of a denial of service attack carried out by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_053.html", "date_published": "Sun, 30 Apr 2023 22:00:00 -0000" }, { "id": "2023_054", "title": "1/5/2023 - Port - Denial of service (IL)", "content_html": "The website of a port is victim of a denial of service attack carried out by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_054.html", "date_published": "Sun, 30 Apr 2023 22:00:00 -0000" }, { "id": "2023_055", "title": "7/5/2023 - Industry - Virus/Ransomware (CH)", "content_html": "A company specializing in the digitization of industrial processes related to energy is victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_055.html", "date_published": "Sat, 06 May 2023 22:00:00 -0000" }, { "id": "2023_056", "title": "18/5/2023 - Defence - Denial of service (IN)", "content_html": "The Indian Navy's recruitment website is victim of a Denial of Service attack claimed by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_056.html", "date_published": "Wed, 17 May 2023 22:00:00 -0000" }, { "id": "2023_057", "title": "18/5/2023 - Defence - Denial of service (IN)", "content_html": "The Indian Navy's website is victim of a Denial of Service attack claimed by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_057.html", "date_published": "Wed, 17 May 2023 22:00:00 -0000" }, { "id": "2023_058", "title": "21/5/2023 - Defence - Denial of service (IN)", "content_html": "The website of India's largest shipbuilding and maintenance yard is victim of a denial of service attack claimed by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2023_058.html", "date_published": "Sat, 20 May 2023 22:00:00 -0000" }, { "id": "2023_059", "title": "4/6/2023 - Logistics - Denial of service (LT)", "content_html": "The website of a logistics company which port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_059.html", "date_published": "Sat, 03 Jun 2023 22:00:00 -0000" }, { "id": "2023_060", "title": "4/6/2023 - Transport - Denial of service (LT)", "content_html": "The website of a shipping brokerage company is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_060.html", "date_published": "Sat, 03 Jun 2023 22:00:00 -0000" }, { "id": "2023_061", "title": "4/6/2023 - Transport - Denial of service (LT)", "content_html": "The website of a shipping brokerage company is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_061.html", "date_published": "Sat, 03 Jun 2023 22:00:00 -0000" }, { "id": "2023_062", "title": "4/6/2023 - Logistics - Denial of service (LT)", "content_html": "The website of a logistics company which port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_062.html", "date_published": "Sat, 03 Jun 2023 22:00:00 -0000" }, { "id": "2023_063", "title": "5/6/2023 - Port - Denial of service (CA)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_063.html", "date_published": "Sun, 04 Jun 2023 22:00:00 -0000" }, { "id": "2023_064", "title": "5/6/2023 - Port - Denial of service (CA)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_064.html", "date_published": "Sun, 04 Jun 2023 22:00:00 -0000" }, { "id": "2023_065", "title": "5/6/2023 - Port - Denial of service (CA)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_065.html", "date_published": "Sun, 04 Jun 2023 22:00:00 -0000" }, { "id": "2023_066", "title": "5/6/2023 - Port - Denial of service (CA)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_066.html", "date_published": "Sun, 04 Jun 2023 22:00:00 -0000" }, { "id": "2023_067", "title": "5/6/2023 - Port - Denial of service (BG)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_067.html", "date_published": "Sun, 04 Jun 2023 22:00:00 -0000" }, { "id": "2023_068", "title": "6/6/2023 - Port - Denial of service (NL)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_068.html", "date_published": "Mon, 05 Jun 2023 22:00:00 -0000" }, { "id": "2023_069", "title": "6/6/2023 - Port - Denial of service (NL)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_069.html", "date_published": "Mon, 05 Jun 2023 22:00:00 -0000" }, { "id": "2023_070", "title": "6/6/2023 - Port - Denial of service (NL)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_070.html", "date_published": "Mon, 05 Jun 2023 22:00:00 -0000" }, { "id": "2023_071", "title": "6/6/2023 - Port - Denial of service (PL)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_071.html", "date_published": "Mon, 05 Jun 2023 22:00:00 -0000" }, { "id": "2023_072", "title": "6/6/2023 - Port - Denial of service (NL)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_072.html", "date_published": "Mon, 05 Jun 2023 22:00:00 -0000" }, { "id": "2023_073", "title": "6/6/2023 - Port - Denial of service (ES)", "content_html": "The website of the Ports Regulatory Authority is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_073.html", "date_published": "Mon, 05 Jun 2023 22:00:00 -0000" }, { "id": "2023_074", "title": "7/6/2023 - Port - Denial of service (FI)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_074.html", "date_published": "Tue, 06 Jun 2023 22:00:00 -0000" }, { "id": "2023_075", "title": "7/6/2023 - Port - Denial of service (GR)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_075.html", "date_published": "Tue, 06 Jun 2023 22:00:00 -0000" }, { "id": "2023_076", "title": "7/6/2023 - Port - Denial of service (DE)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_076.html", "date_published": "Tue, 06 Jun 2023 22:00:00 -0000" }, { "id": "2023_077", "title": "7/6/2023 - Port - Denial of service (SE)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_077.html", "date_published": "Tue, 06 Jun 2023 22:00:00 -0000" }, { "id": "2023_078", "title": "8/6/2023 - Port - Denial of service (SE)", "content_html": "The website of a company specializing in the transport of vehicles by sea is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_078.html", "date_published": "Wed, 07 Jun 2023 22:00:00 -0000" }, { "id": "2023_079", "title": "8/6/2023 - Port - Denial of service (SE)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_079.html", "date_published": "Wed, 07 Jun 2023 22:00:00 -0000" }, { "id": "2023_080", "title": "8/6/2023 - Port - Denial of service (SE)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_080.html", "date_published": "Wed, 07 Jun 2023 22:00:00 -0000" }, { "id": "2023_081", "title": "8/6/2023 - Port - Denial of service (LT)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_081.html", "date_published": "Wed, 07 Jun 2023 22:00:00 -0000" }, { "id": "2023_082", "title": "8/6/2023 - Port - Denial of service (LT)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_082.html", "date_published": "Wed, 07 Jun 2023 22:00:00 -0000" }, { "id": "2023_083", "title": "8/6/2023 - Port - Denial of service (SE)", "content_html": "The website of a port is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_083.html", "date_published": "Wed, 07 Jun 2023 22:00:00 -0000" }, { "id": "2023_084", "title": "9/6/2023 - Port - Denial of service (IT)", "content_html": "According to sources, the Authority of Port System successfully defended against Distributed Denial of Service (DDoS) attacks that targeted Italian port authorities' Internet servers. While other Italian port authorities experienced temporary outages due to DDoS attacks that flood computer systems with abnormal traffic requests, the victim managed to withstand the attacks.\n\nThe attacks lasted for several days and produced a sustained traffic volume of more than 10 million requests per hour (with peaks of 13 million per hour). The port utilized previously installed protection systems and implemented additional security configurations during the peak attack phase to ensure normal website access while blocking or limiting potentially harmful traffic.", "url": "https://www.m-cert.fr/admiral/2023_084.html", "date_published": "Thu, 08 Jun 2023 22:00:00 -0000" }, { "id": "2023_085", "title": "9/6/2023 - Port - Denial of service (IT)", "content_html": "A cyber attack targeted numerous port websites worldwide, including the victim. According to the digital authority of the Liguria region, the cyber defences successfully withstood the attack, with no consequences for its internal servers, as confirmed by the port authority.\nThe attacking group claimed the attack, linking it to Italy's military aid to Ukraine.", "url": "https://www.m-cert.fr/admiral/2023_085.html", "date_published": "Thu, 08 Jun 2023 22:00:00 -0000" }, { "id": "2023_086", "title": "14/6/2023 - Offshore - Virus/Ransomware (GB)", "content_html": "A U.K.-based energy giant known for its extensive operations in the oil and gas sector, was impacted by the exploit of the vulnerability in the MOVEit Transfer software by an attacking group.\n\nAccording to sources, the attacking group had been exploiting the flaw since May 2023 to gain access to a diverse range of entities and subsequently started to list its victims on a dark web leak site. The affected parties span across U.S. financial services, European energy conglomerates, and several other sectors. Diverging from common tactics, the attacking group chose not to directly notify the infiltrated entities but posted a blackmail note on its leak site, directing victims to initiate contact before an impending deadline.\n\nSome organizations, such as governmental departments, have confirmed potential data exposure involving citizens. However, the attacking group asserts that they've deleted data for select government institutions.", "url": "https://www.m-cert.fr/admiral/2023_086.html", "date_published": "Tue, 13 Jun 2023 22:00:00 -0000" }, { "id": "2023_087", "title": "20/6/2023 - Port - Denial of service (NL)", "content_html": "According to the source, the port was hit by a Distributed Denial of Service (DDoS) attack.", "url": "https://www.m-cert.fr/admiral/2023_087.html", "date_published": "Mon, 19 Jun 2023 22:00:00 -0000" }, { "id": "2023_088", "title": "20/6/2023 - Port - Denial of service (BE)", "content_html": "According to the source, the Port of Brussels was hit by a Distributed Denial of Service (DDoS) attack.", "url": "https://www.m-cert.fr/admiral/2023_088.html", "date_published": "Mon, 19 Jun 2023 22:00:00 -0000" }, { "id": "2023_089", "title": "24/4/2023 - Port - Virus/Ransomware (NL)", "content_html": "A ransomware cyber attack occurred at Pengerang Independent Terminals (PTSB) in Malaysia, which is linked to the victim, a company specializing in the storage of fossil fuels and other products. Despite the incident, the terminal was reported to be still operational, and an investigation is underway. The company has confirmed the incident and expressed apologies for any inconvenience caused.", "url": "https://www.m-cert.fr/admiral/2023_089.html", "date_published": "Sun, 23 Apr 2023 22:00:00 -0000" }, { "id": "2023_090", "title": "5/5/2023 - Industry - Denial of service (FR)", "content_html": "According to sources, the victim was targeted by the pro-Russian "hacker" group NoName057(16) during a Distributed Denial of Service attacks campaing targeting French entitties. These cyber adversaries have expressed concerns over the nation's involvement in the ongoing conflict between Ukraine and Russia, following renewed support announcements in favor of Ukraine.\nThe attack resulted in short service disruptions. The group has been targeting Western organizations with similar DDoS attacks for a few months.", "url": "https://www.m-cert.fr/admiral/2023_090.html", "date_published": "Thu, 04 May 2023 22:00:00 -0000" }, { "id": "2023_091", "title": "11/5/2023 - Industry - Virus/Ransomware (US)", "content_html": "The victim is hit by a ransomware attack by a group who started its activity in April 2023.", "url": "https://www.m-cert.fr/admiral/2023_091.html", "date_published": "Wed, 10 May 2023 22:00:00 -0000" }, { "id": "2023_092", "title": "2/6/2023 - Port - Virus/Ransomware (IT)", "content_html": "The victim, managing a container terminal in Italy, was targeted by a cyber attack on June 2, 2023. The gang stated that they had exfiltrated a significant amount of data from the affected organization's IT infrastructure.\n\nThe website of the affected organization went down, displaying a "Site under maintenance" message on the homepage and returning errors on subpages, altough it cannot be said if it was due to the attack itself or to the remediation process.", "url": "https://www.m-cert.fr/admiral/2023_092.html", "date_published": "Thu, 01 Jun 2023 22:00:00 -0000" }, { "id": "2023_093", "title": "13/6/2023 - Shipyard - Undisclosed (US)", "content_html": "The victim confirmed a significant financial loss of approximately $85 million resulting from a recent cybersecurity incident. The incident, announced on June 13, affected the company's systems and some facilities. Although attacking ransomware group wasn't explicitly disclosed, it necessitated halting operations in certain locations while experts and law enforcement addressed the situation.\n\nThe CEO later revealed that the cyber incident had a substantial impact on the company's Q2 financial outlook. This "IT security incident" led to lower-than-expected Q2 financial results and took nine days to fully recover, causing critical disruptions. The incident would reduce full-year earnings by an estimated $60 to $70 million, with Q2 revenue being impacted by as much as $85 million.\n\nThe cyberattack had significant repercussions, particularly affecting segments outside of propulsion and engine parts.", "url": "https://www.m-cert.fr/admiral/2023_093.html", "date_published": "Mon, 12 Jun 2023 22:00:00 -0000" }, { "id": "2023_094", "title": "21/6/2023 - Offshore - Virus/Ransomware (CA)", "content_html": "The victim was hit by a ransomware attack disrupting transactions at gas stations across Canada, as well as the unavailability of its mobile app and other various services.\nThere was no evidence of customer, supplier, or employee data compromise or misuse. The attacking group seems to remain unknown.", "url": "https://www.m-cert.fr/admiral/2023_094.html", "date_published": "Tue, 20 Jun 2023 22:00:00 -0000" }, { "id": "2023_095", "title": "4/7/2023 - Port - Virus/Ransomware (JP)", "content_html": "The victim port is Japan's largest since 2002 in terms of cargo throughput, and is responsible for handling significant car exports and imports. It processes over 200 million tons of cargo annually, plays a pivotal role in the region's economic activities.\nAccording to sources, around July 4, the victim's operations faced disruptions due to an alleged ransomware attack. Several anomalies were observed in their automated systems, including the inability to identify trucks at one of its primary docks. The Tactics, Techniques, and Procedures (TTPs) of the attack seem to correspond with activities reputed of LockBit 3.0, which claimed the attack.\nThe incident might have affected an estimated 15,000 containers and influenced related businesses, including major car manufacturers in the region. Operations linked to a renowned automobile corporation faced potential challenges, primarily in their packaging plant for exported car parts. Additionally, sensors at the port's entrance were non-operational, causing significant delays and disruptions in cargo loading and unloading. This widespread disturbance led to a temporary congestion of trailers at the port.", "url": "https://www.m-cert.fr/admiral/2023_095.html", "date_published": "Mon, 03 Jul 2023 22:00:00 -0000" }, { "id": "2023_096", "title": "14/7/2023 - Defence - Virus/Ransomware (TR)", "content_html": "Reports have emerged that a ransomware group recently claimed to have attack an important defense company based in Turkey and specializing in high-tech products and subsystems for armed Forces and security forces.\n\nIf the claims are true, the breach could lead to the exposure of sensitive defense-related information, potentially including classified documents, proprietary technology, intellectual property, and even personally identifiable information (PII) of employees or clients.", "url": "https://www.m-cert.fr/admiral/2023_096.html", "date_published": "Thu, 13 Jul 2023 22:00:00 -0000" }, { "id": "2023_097", "title": "24/7/2023 - Defence - Virus/Ransomware (US)", "content_html": "The victim is an important group of the aerospace and defense industry. It was reported to be hit by a ransomware group.\n\nThe attack could have resulted in the leak of over 20 GB of sensitive personal data belonging to pilots and ground staff associated with the partners of the victim from many parts of the world.\n\nThe victim initiated a comprehensive investigation, collaborating with cybersecurity experts and law enforcement agencies to contain the breach and mitigate potential damages and urged affected individuals to monitor their personal information, remain vigilant against phishing attempts, and report suspicious activity.", "url": "https://www.m-cert.fr/admiral/2023_097.html", "date_published": "Sun, 23 Jul 2023 22:00:00 -0000" }, { "id": "2023_098", "title": "27/7/2023 - Shipyard - Virus/Ransomware (AE)", "content_html": "The victim is the provider of marine and offshore services to the shipping, oil, gas and energy sectors.\n\nThe was reported as having been hit by a ransomware group.", "url": "https://www.m-cert.fr/admiral/2023_098.html", "date_published": "Wed, 26 Jul 2023 22:00:00 -0000" }, { "id": "2023_099", "title": "9/8/2023 - Port - Denial of service (NL)", "content_html": "According to sources, a pro-Russian hacking group recently launched DDoS attacks against several websites in the Netherlands, amongst which this seaport. The claim, nature and pattern of these attacks suggest that they were orchestrated in the context of the ongoing geopolitical tensions.", "url": "https://www.m-cert.fr/admiral/2023_099.html", "date_published": "Tue, 08 Aug 2023 22:00:00 -0000" }, { "id": "2023_100", "title": "11/8/2023 - Port - Denial of service (DE)", "content_html": "According to sources, the victim port was targeted by the pro-Russian "hacker" group NoName057(16) during a Distributed Denial of Service attacks campaing. These cyber adversaries have expressed concerns over the nation's involvement in the ongoing conflict between Ukraine and Russia, following new support announcements in favor of Ukraine. Other German infrastructures were targeted during the same attack.\nThe attack resulted in short service disruptions.", "url": "https://www.m-cert.fr/admiral/2023_100.html", "date_published": "Thu, 10 Aug 2023 22:00:00 -0000" }, { "id": "2023_101", "title": "14/8/2023 - Defence - Denial of service (TH)", "content_html": "The victim experienced a cyber disruption when their website was rendered inaccessible due to a reported DDoS attack. This comes after the same cyber group compromised another major electronics company within the country.\n\nAccording to sources, the attacking ransomware organization has claimed responsibility for the cyberattack on the victim's website.\n\nThe group's recurring focus on Thai entities and their propensity for publicizing stolen data has emerged as a distinctive pattern in their operations.", "url": "https://www.m-cert.fr/admiral/2023_101.html", "date_published": "Sun, 13 Aug 2023 22:00:00 -0000" }, { "id": "2023_102", "title": "16/8/2023 - Shipyard - Denial of service (PL)", "content_html": "According to sources, the victim shipyard was targeted by a pro-Russian "hacker" group during a Distributed Denial of Service attacks campaing. Other infrastructures and organisations were targeted during the same attack.\nThe attack resulted in short service disruptions.", "url": "https://www.m-cert.fr/admiral/2023_102.html", "date_published": "Tue, 15 Aug 2023 22:00:00 -0000" }, { "id": "2023_103", "title": "16/8/2023 - Port - Denial of service (PL)", "content_html": "According to sources, the victim port was targeted by a pro-Russian "hacker" group during a Distributed Denial of Service attacks campaing. Other infrastructures and organisations were targeted during the same attack.\nThe attack resulted in short service disruptions.", "url": "https://www.m-cert.fr/admiral/2023_103.html", "date_published": "Tue, 15 Aug 2023 22:00:00 -0000" }, { "id": "2023_104", "title": "22/8/2023 - Shipowner - Denial of service (NO)", "content_html": "A major gas station conglomerate was victim of a targeted cyberattack.\nAccording to sources, the attacking group claimed responsibility for the attack, allegedly impacting the website of the company in Ukraine and over 200 gas station networks throughout the country. Without specifying all affected entities, the attackers singled out three primary targets, emphasizing their large-scale impact in the country. The significance of the breach was further underlined as it coincided with Ukraine's independence day, a detail the attackers highlighted in their messages.", "url": "https://www.m-cert.fr/admiral/2023_104.html", "date_published": "Mon, 21 Aug 2023 22:00:00 -0000" }, { "id": "2023_105", "title": "24/8/2023 - Offshore - Denial of service (UA)", "content_html": "The website of a company in the offshore sector is victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_105.html", "date_published": "Wed, 23 Aug 2023 22:00:00 -0000" }, { "id": "2023_106", "title": "29/8/2023 - Industry - Virus/Ransomware (NL)", "content_html": "The victim identified a cyber security incident involving an unauthorized third party access.\nContingency plans were put into action by the victim to continue operations, and digital investigations were conducted.\nBased the information provided by the company, it could not be determined that the attacking party actually exfiltrated data from the digital systems of the victim.", "url": "https://www.m-cert.fr/admiral/2023_106.html", "date_published": "Mon, 28 Aug 2023 22:00:00 -0000" }, { "id": "2023_107", "title": "16/5/2023 - Defence - Virus/Ransomware (US)", "content_html": "The victim, identified as an aerospace and defense company, recently came under suspicion of a cyber breach. A cybersecurity firm reported that a ransomware group claims to have infiltrated the company, potentially exfiltrating data pertaining to their collaboration on an Army communication system. In addition to their aerospace and defense endeavors, the company has been involved in significant deals and contracts, highlighting its stature and critical importance in the sector.\nAccording to sources, in response to the potential breach, the company confirmed an IT "system disruption" that impacted a segmented network at a single site. There was no direct mention of any data loss due to the incident. The claiming group shared an image of an apparent blog post advertising the sale of data associated with a technological program conducted by the company. The specifics of whether any actual data theft or compromise occurred remain ambiguous. The group allegedly behind the company's breach seems to primarily focus on North American manufacturers.", "url": "https://www.m-cert.fr/admiral/2023_107.html", "date_published": "Mon, 15 May 2023 22:00:00 -0000" }, { "id": "2023_108", "title": "20/5/2023 - Administration - Denial of service (AE)", "content_html": "The victim, a fovernment entity from the UAE, is a claimed by a hacktivist group as having been targeted by a Distributed Denial of Service (DDoS) attack during a campain targeting multiple government websites of the victim. The claim came forth on 20th May 2023, accompanied by evidence shared on the actor’s Telegram post to validate the successful execution of the DDoS attack. This proof was in the form of links to a utility platform that confirms the real-time availability and responsiveness of a domain or IP address.\nAccording to sources, the aforementioned hacktivist group has a history of leveraging DDoS attacks against institutions and governmental infrastructures. The motivation behind such attacks often stems from political issues, with other groups like 'Anonymous Sudan' showing parallels in their targeting patterns, particularly influenced by geopolitical circumstances.", "url": "https://www.m-cert.fr/admiral/2023_108.html", "date_published": "Fri, 19 May 2023 22:00:00 -0000" }, { "id": "2023_109", "title": "20/5/2023 - Defence - Denial of service (AE)", "content_html": "The victim, a fovernment entity from the UAE, is a claimed by a hacktivist group as having been targeted by a Distributed Denial of Service (DDoS) attack during a campain targeting multiple government websites of the victim. The claim came forth on 20th May 2023, accompanied by evidence shared on the actor’s Telegram post to validate the successful execution of the DDoS attack. This proof was in the form of links to a utility platform that confirms the real-time availability and responsiveness of a domain or IP address.\nAccording to sources, the aforementioned hacktivist group has a history of leveraging DDoS attacks against institutions and governmental infrastructures. The motivation behind such attacks often stems from political issues, with other groups like 'Anonymous Sudan' showing parallels in their targeting patterns, particularly influenced by geopolitical circumstances.", "url": "https://www.m-cert.fr/admiral/2023_109.html", "date_published": "Fri, 19 May 2023 22:00:00 -0000" }, { "id": "2023_110", "title": "26/6/2023 - Industry - Virus/Ransomware (FR)", "content_html": "The victim is a leading multinational company based in France. The corporation has a prominent global presence, boasting an annual revenue exceeding $37 billion. It is renowned for its expertise in digital automation and energy management, with its products being integral to numerous crucial sectors around the globe.\n\nAccording to sources, on May 30th, 2023, the company acknowledged potential vulnerabilities in the Progress MOVEit Transfer software. The company acted swiftly by implementing the available mitigation measures to safeguard data and infrastructure, keeping a vigilant watch over the evolving situation. However, a twist emerged on June 26th, 2023, when the company was alerted to claims suggesting that they had fallen prey to a cyber-attack related to MOVEit vulnerabilities.\n\nThe victim has yet to confirm the legitimacy of Cl0p's allegations.", "url": "https://www.m-cert.fr/admiral/2023_110.html", "date_published": "Sun, 25 Jun 2023 22:00:00 -0000" }, { "id": "2023_111", "title": "27/6/2023 - Industry - Virus/Ransomware (DE)", "content_html": "The victim is a leading energy technology firm headquartered in Munich. The company has a vast global footprint, with 91,000 employees and an annual turnover of $35 billion. It specializes in the design, development, and production of various industrial goods, from industrial control systems to advanced power units, renewable energy solutions, and comprehensive energy delivery mechanisms. Moreover, they offer cybersecurity consultation services tailored to the oil and gas sector, encompassing areas like incident response, vulnerability evaluations, and patch management.\nAccording to sources, the victim has acknowledged a breach resulting from the Cl0p ransomware's data-theft assaults that took advantage of a zero-day flaw in the MOVEit Transfer platform. The Cl0p threat group subsequently listed the victim on its data leak website, signifying that they had successfully extracted data during the cyber intrusion. This listing tactic is a part of Cl0p's strategy to exert pressure on their victims, typically preceding an actual leak of the stolen data. While there hasn't been a data leak as of now, the victim confirmed the breach linked to the MOVEit Transfer vulnerability, designated as CVE-2023-34362.\nThe victim emphasized that the breach did not lead to the compromise of any critical data, and their business operations remain unaffected.", "url": "https://www.m-cert.fr/admiral/2023_111.html", "date_published": "Mon, 26 Jun 2023 22:00:00 -0000" }, { "id": "2023_112", "title": "10/7/2023 - Defence - Legitimate access (US)", "content_html": "According to sources, two Navy sailors stationed in Southern California were apprehended on charges of leaking military secrets and confidential data to foreign intelligence agents. One of the sailors serving on an amphibious assault ship was accused under the Espionage Act of spying. Due to his role and security clearance, he had the potential to access and share highly sensitive national security information. The other sailor, stationed in a naval base was alleged to have accepted bribes in return for providing confidential U.S. military details to the same foreign intelligence service with a person masquerading as an economic researcher.\nThe extent of the information leak, its potential impacts, and the duration of this espionage activity remain areas of concern that will likely be addressed in ongoing investigations.", "url": "https://www.m-cert.fr/admiral/2023_112.html", "date_published": "Sun, 09 Jul 2023 22:00:00 -0000" }, { "id": "2023_113", "title": "19/7/2023 - IT Services - Denial of service (ES)", "content_html": "According to sources, following Spain's pledge to back the Ukrainian government, multiple sectors within the country, encompassing were targeted by Distributed Denial of Service (DDoS) cyber-attacks. During 15 days, the country has been targeted by over DDoS cyber-attacks, which Tactics, Techniques and Procedures (TTPs) traced back to the NoName057(16) group.\nThe impact on the websites tended to be short-lived, with most targeted websites resuming operations within the day of the assault.", "url": "https://www.m-cert.fr/admiral/2023_113.html", "date_published": "Tue, 18 Jul 2023 22:00:00 -0000" }, { "id": "2023_009", "title": "21/2/2023 - Defence - Denial of service (FR)", "content_html": "A naval defense industrialist is targeted by a distributed denial of service attack carried out by several hacktivist groups, as part of the Russian-Ukrainian conflict.", "url": "https://www.m-cert.fr/admiral/2023_009.html", "date_published": "Mon, 20 Feb 2023 23:00:00 -0000" }, { "id": "2023_010", "title": "24/2/2023 - Defence - Virus/Ransomware (FR)", "content_html": "An engineering company specializing in security equipment used in military and naval programs is threatened with a data leak following a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_010.html", "date_published": "Thu, 23 Feb 2023 23:00:00 -0000" }, { "id": "2023_042", "title": "22/4/2023 - Port - Denial of service (CA)", "content_html": "The Port of Hamilton-Oshawa is the victim of a distributed denial of service attack attributed to a hacktivist movement.", "url": "https://www.m-cert.fr/admiral/2023_042.html", "date_published": "Fri, 21 Apr 2023 22:00:00 -0000" }, { "id": "2023_044", "title": "23/4/2023 - Port - Denial of service (CA)", "content_html": "The Port of Montreal is the victim of a distributed denial of service attack attributed to a hacktivist movement.", "url": "https://www.m-cert.fr/admiral/2023_044.html", "date_published": "Sat, 22 Apr 2023 22:00:00 -0000" }, { "id": "2023_114", "title": "14/5/2023 - Port - Denial of service (DE)", "content_html": "The website of the port authority of a German port is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_114.html", "date_published": "Sat, 13 May 2023 22:00:00 -0000" }, { "id": "2023_115", "title": "14/5/2023 - Administration - Denial of service (DE)", "content_html": "The website of a German administration involved in the maritime sector is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_115.html", "date_published": "Sat, 13 May 2023 22:00:00 -0000" }, { "id": "2023_116", "title": "17/5/2023 - Industry - Denial of service (AE)", "content_html": "The website of an Emirati company specializing in the supply of lubricants for ships is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_116.html", "date_published": "Tue, 16 May 2023 22:00:00 -0000" }, { "id": "2023_117", "title": "14/8/2023 - Defence - Virus/Ransomware (GB)", "content_html": "Sensitive data from the British Ministry of Defense and Navy has been stolen following a ransomware attack on a company specializing in fencing and security devices.", "url": "https://www.m-cert.fr/admiral/2023_117.html", "date_published": "Sun, 13 Aug 2023 22:00:00 -0000" }, { "id": "2023_118", "title": "6/9/2023 - Industry - Virus/Ransomware (US)", "content_html": "An American shipping company specializing in supporting the offshore industry is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_118.html", "date_published": "Tue, 05 Sep 2023 22:00:00 -0000" }, { "id": "2023_119", "title": "10/9/2023 - Port - Denial of service (NL)", "content_html": "The website of a Dutch port authority is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_119.html", "date_published": "Sat, 09 Sep 2023 22:00:00 -0000" }, { "id": "2023_120", "title": "10/9/2023 - Port - Denial of service (NL)", "content_html": "The website of a Dutch company in the field of port activities is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_120.html", "date_published": "Sat, 09 Sep 2023 22:00:00 -0000" }, { "id": "2023_121", "title": "11/9/2023 - Port - Denial of service (HR)", "content_html": "The website of a Croatian marina is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_121.html", "date_published": "Sun, 10 Sep 2023 22:00:00 -0000" }, { "id": "2023_122", "title": "11/9/2023 - Port - Denial of service (HR)", "content_html": "The website of a Croatian marina is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_122.html", "date_published": "Sun, 10 Sep 2023 22:00:00 -0000" }, { "id": "2023_123", "title": "11/9/2023 - Port - Denial of service (HR)", "content_html": "The website of a Croatian marina is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_123.html", "date_published": "Sun, 10 Sep 2023 22:00:00 -0000" }, { "id": "2023_124", "title": "11/9/2023 - Port - Denial of service (HR)", "content_html": "The website of a Croatian marina is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_124.html", "date_published": "Sun, 10 Sep 2023 22:00:00 -0000" }, { "id": "2023_125", "title": "11/9/2023 - Port - Denial of service (HR)", "content_html": "The website of a Croatian marina is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_125.html", "date_published": "Sun, 10 Sep 2023 22:00:00 -0000" }, { "id": "2023_126", "title": "11/9/2023 - Port - Denial of service (BG)", "content_html": "The website of a Bulgarian marina is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_126.html", "date_published": "Sun, 10 Sep 2023 22:00:00 -0000" }, { "id": "2023_127", "title": "12/9/2023 - Administration - Virus/Ransomware (CA)", "content_html": "A Canadian administration in the environmental sector is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_127.html", "date_published": "Mon, 11 Sep 2023 22:00:00 -0000" }, { "id": "2023_128", "title": "14/9/2023 - Administration - Denial of service (CA)", "content_html": "A Canadian administration working in the transport sector, including maritime, is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_128.html", "date_published": "Wed, 13 Sep 2023 22:00:00 -0000" }, { "id": "2023_129", "title": "18/9/2023 - Administration - Denial of service (FI)", "content_html": "The website of a Finnish transport sector administration is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_129.html", "date_published": "Sun, 17 Sep 2023 22:00:00 -0000" }, { "id": "2023_130", "title": "25/9/2023 - Defence - Denial of service (US)", "content_html": "The website of an American company specializing in the field of Defense is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_130.html", "date_published": "Sun, 24 Sep 2023 22:00:00 -0000" }, { "id": "2023_131", "title": "28/9/2023 - Transport - Denial of service (GB)", "content_html": "The website of a British passenger transport company is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_131.html", "date_published": "Wed, 27 Sep 2023 22:00:00 -0000" }, { "id": "2023_132", "title": "9/10/2023 - Administration - Denial of service (PS)", "content_html": "The website of the Palestinian Ministry of Transport is the victim of a denial of service attack claimed by a hacktivist group supporting Israel.", "url": "https://www.m-cert.fr/admiral/2023_132.html", "date_published": "Sun, 08 Oct 2023 22:00:00 -0000" }, { "id": "2023_133", "title": "19/10/2023 - Transport - Denial of service (EE)", "content_html": "The website of an Estonian passenger transport company is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_133.html", "date_published": "Wed, 18 Oct 2023 22:00:00 -0000" }, { "id": "2023_134", "title": "19/10/2023 - Transport - Denial of service (IR)", "content_html": "The website of an Irish passenger transport company is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_134.html", "date_published": "Wed, 18 Oct 2023 22:00:00 -0000" }, { "id": "2023_135", "title": "19/10/2023 - Transport - Denial of service (FR)", "content_html": "The website of a French passenger transport company is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_135.html", "date_published": "Wed, 18 Oct 2023 22:00:00 -0000" }, { "id": "2023_136", "title": "19/10/2023 - Transport - Denial of service (GB)", "content_html": "The website of a British passenger transport company is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_136.html", "date_published": "Wed, 18 Oct 2023 22:00:00 -0000" }, { "id": "2023_137", "title": "19/10/2023 - Transport - Denial of service (SE)", "content_html": "The website of a Swedish passenger transport company is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_137.html", "date_published": "Wed, 18 Oct 2023 22:00:00 -0000" }, { "id": "2023_138", "title": "19/10/2023 - Transport - Denial of service (NO)", "content_html": "The website of a Norwegian passenger transport company is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_138.html", "date_published": "Wed, 18 Oct 2023 22:00:00 -0000" }, { "id": "2023_139", "title": "3/11/2023 - Port - Denial of service (NL)", "content_html": "The website of a Dutch port is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.traficomm", "url": "https://www.m-cert.fr/admiral/2023_139.html", "date_published": "Thu, 02 Nov 2023 23:00:00 -0000" }, { "id": "2023_140", "title": "5/11/2023 - Transport - Virus/Ransomware (FR)", "content_html": "A French passenger transport company is the victim of a data leak following a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_140.html", "date_published": "Sat, 04 Nov 2023 23:00:00 -0000" }, { "id": "2023_141", "title": "10/11/2023 - Port - Undisclosed (AU)", "content_html": "DP World, a port operator which handles 40% of Australia's maritime freight, said it had suspended operations at its port terminals in Sydney, Melbourne, Brisbane and Fremantle due to a cybersecurity incident. The company restricted access to its IT systems, which resulted in the cessation of operational activity on its terminals.", "url": "https://www.m-cert.fr/admiral/2023_141.html", "date_published": "Thu, 09 Nov 2023 23:00:00 -0000" }, { "id": "2023_142", "title": "4/12/2023 - MRE - Virus/Ransomware (VN)", "content_html": "A Vietnamese national electricity production company partly of hydraulic origin is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_142.html", "date_published": "Sun, 03 Dec 2023 23:00:00 -0000" }, { "id": "2023_143", "title": "4/12/2023 - Industry - Virus/Ransomware (US)", "content_html": "The American subsidiary of an Australian shipbuilder is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2023_143.html", "date_published": "Sun, 03 Dec 2023 23:00:00 -0000" }, { "id": "2023_144", "title": "26/12/2023 - Administration - Virus/Ransomware (UA)", "content_html": "A Ukrainian administration in charge of maritime transport is the victim of a possible data leak following an intrusion claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_144.html", "date_published": "Mon, 25 Dec 2023 23:00:00 -0000" }, { "id": "2023_145", "title": "26/12/2023 - Transport - Denial of service (LT)", "content_html": "The website of a Lithuanian multimodal transport company is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2023_145.html", "date_published": "Mon, 25 Dec 2023 23:00:00 -0000" }, { "id": "2024_001", "title": "1/1/2024 - Transport - Denial of service (FI)", "content_html": "The website of a Finnish transport sector administration is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2024_001.html", "date_published": "Sun, 31 Dec 2023 23:00:00 -0000" }, { "id": "2024_002", "title": "4/1/2024 - Logistics - Virus/Ransomware (FR)", "content_html": "A French road transport company offering customs brokerage and ship charter services is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2024_002.html", "date_published": "Wed, 03 Jan 2024 23:00:00 -0000" }, { "id": "2024_003", "title": "15/1/2024 - Transport - Virus/Ransomware (US)", "content_html": "An American multimodal transport company is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2024_003.html", "date_published": "Sun, 14 Jan 2024 23:00:00 -0000" }, { "id": "2024_004", "title": "16/1/2024 - Port - Denial of service (IL)", "content_html": "The website of an Israeli port is the victim of a denial of service attack claimed by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2024_004.html", "date_published": "Mon, 15 Jan 2024 23:00:00 -0000" }, { "id": "2024_005", "title": "16/1/2024 - Port - Denial of service (IL)", "content_html": "The IT infrastructure of an Israeli company responsible for the commercial development of the three main national ports is the victim of a denial of service attack claimed by a hacktivist group.", "url": "https://www.m-cert.fr/admiral/2024_005.html", "date_published": "Mon, 15 Jan 2024 23:00:00 -0000" }, { "id": "2024_006", "title": "30/1/2024 - Defence - Virus/Ransomware (US)", "content_html": "An American IT development company, subcontractor of the American Department of the Navy, is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2024_006.html", "date_published": "Mon, 29 Jan 2024 23:00:00 -0000" }, { "id": "2024_007", "title": "30/1/2024 - Industry - Virus/Ransomware (US)", "content_html": "The sustainable development division of a major French player in automation and energy management systems is the victim of a ransomware attack and a major data leak.", "url": "https://www.m-cert.fr/admiral/2024_007.html", "date_published": "Mon, 29 Jan 2024 23:00:00 -0000" }, { "id": "2024_008", "title": "4/2/2024 - Defence - Virus/Ransomware (US)", "content_html": "A major American arms company is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2024_008.html", "date_published": "Sat, 03 Feb 2024 23:00:00 -0000" }, { "id": "2024_009", "title": "15/2/2024 - Defence - Undisclosed (IR)", "content_html": "An Iranian ship suspected of collecting intelligence in the Black Sea for the benefit of the Sudanese Houthis is the victim of an attack claimed by the United States, potentially in response to the attack perpetrated by groups supported by Iran, which had caused the death of three members of the US Department of Defense on January 28, 2024.", "url": "https://www.m-cert.fr/admiral/2024_009.html", "date_published": "Wed, 14 Feb 2024 23:00:00 -0000" }, { "id": "2024_010", "title": "18/2/2024 - Port - Denial of service (IT)", "content_html": "The port communications system of the port of Trieste is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2024_010.html", "date_published": "Sat, 17 Feb 2024 23:00:00 -0000" }, { "id": "2024_011", "title": "18/2/2024 - Port - Denial of service (IT)", "content_html": "The Italian Navy website is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2024_011.html", "date_published": "Sat, 17 Feb 2024 23:00:00 -0000" }, { "id": "2024_012", "title": "29/2/2024 - Industry - Virus/Ransomware (US)", "content_html": "An American shipyard, an important player in the construction of Coast Guard ships, is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2024_012.html", "date_published": "Wed, 28 Feb 2024 23:00:00 -0000" }, { "id": "2024_013", "title": "1/3/2024 - Defence - Intrusion (DK)", "content_html": "A French company, working in the field of defense systems, is the victim of an intrusion and a major leak of confidential data.", "url": "https://www.m-cert.fr/admiral/2024_013.html", "date_published": "Thu, 29 Feb 2024 23:00:00 -0000" }, { "id": "2024_014", "title": "3/3/2024 - Administration - Denial of service (DK)", "content_html": "The website of the Danish Merchant Marine Association is the victim of a denial of service attack claimed by a hacktivist group supporting Russia.", "url": "https://www.m-cert.fr/admiral/2024_014.html", "date_published": "Sat, 02 Mar 2024 23:00:00 -0000" }, { "id": "2024_015", "title": "10/3/2024 - Leasure - Virus/Ransomware (US)", "content_html": "An American company specializing in the sale of pleasure boats is the victim of a ransomware attack.", "url": "https://www.m-cert.fr/admiral/2024_015.html", "date_published": "Sat, 09 Mar 2024 23:00:00 -0000" }, { "id": "2024_016", "title": "14/3/2024 - Transport - Undisclosed (US)", "content_html": "A US company, a major logistics player offering maritime transport services, isolates part of its infrastructure following the detection of unauthorized activity on its information system, causing disruption for its customers.", "url": "https://www.m-cert.fr/admiral/2024_016.html", "date_published": "Wed, 13 Mar 2024 23:00:00 -0000" }, { "id": "2024_017", "title": "14/4/2024 - Defence - Intrusion (IL)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_017.html", "date_published": "Sat, 13 Apr 2024 22:00:00 -0000" }, { "id": "2024_018", "title": "15/4/2024 - Leasure - Virus/Ransomware (US)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_018.html", "date_published": "Sun, 14 Apr 2024 22:00:00 -0000" }, { "id": "2024_019", "title": "15/4/2024 - Logistics - Virus/Ransomware (FR)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_019.html", "date_published": "Sun, 14 Apr 2024 22:00:00 -0000" }, { "id": "2024_020", "title": "2/5/2024 - Transport - Intrusion (AE)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_020.html", "date_published": "Wed, 01 May 2024 22:00:00 -0000" }, { "id": "2024_021", "title": "27/5/2024 - Administration - Denial of service (BG)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_021.html", "date_published": "Sun, 26 May 2024 22:00:00 -0000" }, { "id": "2024_022", "title": "16/6/2024 - Industry - Undisclosed (PH)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_022.html", "date_published": "Sat, 15 Jun 2024 22:00:00 -0000" }, { "id": "2024_023", "title": "17/6/2024 - Industry - Virus/Ransomware (DE)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_023.html", "date_published": "Sun, 16 Jun 2024 22:00:00 -0000" }, { "id": "2024_024", "title": "17/6/2024 - Industry - Virus/Ransomware (US)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_024.html", "date_published": "Sun, 16 Jun 2024 22:00:00 -0000" }, { "id": "2024_025", "title": "2/7/2024 - Industry - Intrusion (SG)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_025.html", "date_published": "Mon, 01 Jul 2024 22:00:00 -0000" }, { "id": "2024_026", "title": "3/7/2024 - Offshore - Intrusion (ES)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_026.html", "date_published": "Tue, 02 Jul 2024 22:00:00 -0000" }, { "id": "2024_027", "title": "20/8/2024 - Offshore - Undisclosed (US)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_027.html", "date_published": "Mon, 19 Aug 2024 22:00:00 -0000" }, { "id": "2024_028", "title": "24/8/2024 - Leasure - Undisclosed (US)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_028.html", "date_published": "Fri, 23 Aug 2024 22:00:00 -0000" }, { "id": "2024_029", "title": "27/8/2024 - Logistics - Virus/Ransomware (US)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_029.html", "date_published": "Mon, 26 Aug 2024 22:00:00 -0000" }, { "id": "2024_030", "title": "24/9/2024 - Industry - Virus/Ransomware (US)", "content_html": "To be disclosed", "url": "https://www.m-cert.fr/admiral/2024_030.html", "date_published": "Mon, 23 Sep 2024 22:00:00 -0000" } ] }