Cyber Hackers Claim to Have Disabled Iranian Ship Communications
A shadowy group of cyber hackers is claiming that it launched a massive attack and has successfully disabled communications for much of Iran’s merchant fleet. While the report cannot be independently verified, the group, which calls itself Lab Dookhtegan, is known and, according to experts, is credible in its attacks.
The report is gaining wide media attention, including in Iran. Neither government officials nor the shipping companies, the National Iranian Tanker Company or Islamic Republic of Iran Shipping Company, have publicly commented or denied the claims.
Lab Dookhtegan posted messages on Telegram and X boasting of its accomplishments, saying it was to celebrate the sixth anniversary of its operation. “In an unprecedented move, we successfully disrupted the communication network of two Iranian companies that, among various terrorist activities, are responsible for supplying munitions to Houthis,” the group wrote while also reposting links to reports from the Iranian media.
It claimed to have also timed the attack to coordinate with the U.S.’s current offensive against the Houthis and in parallel to the U.S. and European sanctions against Iranian shipping. It asserts that the communications for 50 ships belonging to the National Iranian Tanker Company and 66 ships operated by the Iran Shipping Lines have been disabled. Lab Dookhtegan reports it will take weeks to fully restore communications.
Post by LabDookhtegan | Read My Lips (@LabDookhtegan2) on X, March 18, 2025: https://t.co/uV7wND3wlt pic.twitter.com/3G1YrwCrk2
“Ship personnel can no longer communicate with one another, and their connection to the ports and outside world has been severed,” the group said in its online statements.
Speculation is that the loss of communications would also affect the vessels' coordination with the Iranian military and other authorities. The Iranian media speculates the vessels use encrypted networks to speak with the military but likely depend on satellite communications systems such as VSAT (Very Small Aperture Terminal) technology. They said the outage would affect the ability to coordinate operations, transmit data, and navigate.
The speculation is that the vessels might be limited to traditional radio systems with VHF and HF frequencies used for short-range communications, such as ship-to-ship and ship-to-shore.
Cyber security analysts at Cydome published an analysis of Lab Dookhtegan, noting that while there was no evidence of this attack or its results, the analysis was based on the previous credibility of the group. They said that while the group does not disclose its exact tactics, they believe the group uses a search engine device that could locate ship satellite terminals. They speculate the group could have remotely compromised the terminals using factory-set passwords, giving it the ability to alter system settings or even upload malicious firmware.
Furthermore, they believe there would have been a high degree of automation and coordination required to deliver malware or malicious commands to 116 vessels simultaneously. They speculate it may have involved prior reconnaissance and required advanced capabilities.
Based on this attack, Cydome is recommending that all shipping companies perform a comprehensive risk assessment. They cite the need to install a dedicated maritime cybersecurity solution that is independent of the communications devices.
If this attack is proven legitimate, it would not be the first time Iranian shipping has reportedly fallen vulnerable to cyberattacks. In 2024, unconfirmed reports from NBC News said the American forces carried out a cyberattack targeting an Iranian spy ship. The vessel was thought to be playing a role in the targeting of merchant ships for the Houthi militants in Yemen.
Top photo from Iran's Tasnim News Agency -- CC BY 4.0