
A major cyberattack on the evening of March 17 disrupted the communication systems of two of Iran’s largest shipping companies. The operation was claimed by the group “Lab Dookhtegan,” which has previously targeted the country’s strategic infrastructure. This time, the hackers focused on vessels involved in oil and military exports.
The Iranian companies NITC and IRISL—key maritime players in the region and both subject to sanctions by the United States, the United Kingdom, and the European Union—were severely affected. Communication channels were disabled on a total of 116 vessels responsible for transporting cargo, including military shipments, to various destinations, among them the conflict zone in Yemen.
By the morning of March 18, the crews of these vessels were completely cut off from one another, unable to transmit messages even in emergency situations. Communications with ports and global logistics networks were also severed, leading to significant disruptions in supply chains. Experts warn that the full restoration of these communication systems may take several weeks.
Preliminary reports suggest that the hackers infiltrated the ships’ satellite communication systems, gained access to server hardware, and executed commands that destroyed critical data. As a result, information storage systems were disabled, and portions of the digital infrastructure suffered irreversible damage.
The attack is being hailed as one of the most extensive assaults on Iran’s maritime sector in recent years. It delivered a blow not only to shipping logistics but also to the broader economic ties of a nation heavily reliant on maritime exports. Particularly vulnerable were assets under international sanctions, which face constraints in cyber defense capabilities and in their interactions with external partners.
Iranian authorities have yet to issue an official statement, but among cybersecurity experts, concerns are mounting over the likelihood of follow-up attacks—especially given the existing vulnerabilities in satellite and navigational systems. Of particular concern is the fact that several of the affected vessels were operating in international waters at the time of the attack.
Given the scale of the intrusion, the incident may prompt a reevaluation of cybersecurity standards across the maritime industry, with special attention to cryptographic safeguards and the isolation of critical communication nodes. Discussions are also underway regarding the urgent need for contingency measures, including the establishment of backup communication channels and cyber resilience protocols.
The group “Lab Dookhtegan” has already declared that such operations are intended as a form of pressure against Iran’s military and logistical networks. In this way, cyberspace is increasingly becoming a theater of influence in regions marked by international conflict.