History
2025: Hacking of Linux ship management systems - dozens of tankers idle
At the end of August 2025, it became known that hackers disabled communication systems on board dozens of Iranian oil tankers and cargo ships. This is one of the largest cyber attacks on the country's maritime sector.
The cybercriminals disrupted the onboard systems of approximately 25 cargo ships and 39 tankers operated by the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Company (IRISL). Both companies are under sanctions from the US Treasury Department.
The hacker group Lab-Dookhtegan, also known as Sewn Lips, claimed responsibility for the intrusion. According to the attackers, they gained root access to the Linux operating system that runs the ships' satellite terminals, which allowed them to stop the Falcon software used to manage Iran's maritime communications. As a result, tankers and cargo ships completely lost contact with the shore and with each other.
As noted by Nariman Gharib, an Iranian cybersecurity researcher, the attackers gained access to ship systems back in May 2025 and simply waited for a convenient moment. In addition, the hackers seized control of the IP telephony systems on affected ships, which theoretically allowed them to listen to all telephone conversations. Screenshots shared by the cybercriminals indicate that they destroyed important on-board data. Ships are forced to stand idle, and it can take "weeks and months" to restore systems.
| "The attackers overwrote six different storage partitions with zeros. Everything is gone - navigation logs, message archives, system configurations, even recovery sections that would allow you to remotely fix the system," Gharib wrote.[1] |


