ADMIRAL stands for Advanced Dataset of Maritime cyber Incidents ReleAsed for Literature. ADMIRAL was created 7 years ago, in 2017, to centralize disclosed cybersecurity incidents in the maritime sector for education, research, and awareness raising activities or risk and threat assessment in the maritime cybersecurity sector.
As always with figures, please be cautious when elaborating trends or facts from this data. Despite all our hard work, we only put here publicly disclosed incidents. There can be biases, due to the quality, diversity and precision of sensors. This is, by no mean, a realtime dataset of what is happening now! Most of our data is not shown here, either because we don't trust the sources or don't want to quote them, but also because most of our activity is to anticipate, prevent incidents and coordinate response. Of course, we shall never disclose any privately reported incidents and we do respect the Traffic Light Protocol, as well as the protection of sources.
The purpose of this dataset is not to point fingers at the maritime sector, its actors, manufacturers, etc. On the contrary, we are helping them on a daily basis fighting adverse cyber activities. But they need a wide support to enhance their cybersecurity resilience and defense in depth. The names of the victims are given using public references (e.g. articles). We will never quote the name of a victim if it has not been made public.
It is maintained by the team of the Maritime Computer Emergency Response Team (M-CERT) operated by France Cyber Maritime non-profit organization fostering over 90 public and private bodies in maritime cybersecurity in France.
As of today, the ADMIRAL dataset contains 473 publicly disclosed maritime cybersecurity incidents, starting in 1980 and until 2024. It gathers 16 different incident types which occurred in 64 countries, impacting 22 maritime activities subsectors.
You can explore our dynamic map, our global statistics page, our statistics by (geographic) continent, by country, by year, by threat, and by activity. You can also explore our dataset by starting by a random incident.
You can also use:
We hope this data and the work behind will be valuable to you. If they are, please respect the data source, the ethics behind, the people working on it, and take into account the contribution policy, license and reuse rules as stated on our Gitlab repository.
Date (DD/MM/YYYY) | Country | Type | Target | Incident detail |
---|---|---|---|---|
24/9/2024 | US | Virus/Ransomware | Industry | To be disclosed |
27/8/2024 | US | Virus/Ransomware | Logistics | To be disclosed |
24/8/2024 | US | Undisclosed | Leasure | To be disclosed |
20/8/2024 | US | Undisclosed | Offshore | To be disclosed |
3/7/2024 | ES | Intrusion | Offshore | To be disclosed |
2/7/2024 | SG | Intrusion | Industry | To be disclosed |
17/6/2024 | DE | Virus/Ransomware | Industry | To be disclosed |
17/6/2024 | US | Virus/Ransomware | Industry | To be disclosed |
16/6/2024 | PH | Undisclosed | Industry | To be disclosed |
27/5/2024 | BG | Denial of service | Administration | To be disclosed |