A major cyberattack has thrown Iran’s maritime industry into disarray, after hackers disabled communications systems on more than 60 oil tankers and cargo ships. The attack severed crucial links between the vessels and their ports, creating widespread confusion in Iranian waters.
The group behind the attack, calling itself ‘Lip-Dochtjan’ or The Sewn Lips, claimed responsibility and told foreign media outlet Iran International that it had successfully breached the systems of the National Iranian Oil Tanker Company and Iran Shipping Lines.
The reported impact is significant, with 39 oil tankers and 25 cargo ships left unable to maintain normal communications.
According to the hackers, the intrusion was made possible by exploiting vulnerabilities within Fannava, an Iranian holding company that provides satellite communications, data storage, and payment systems.
The attackers said they gained access to the vessels’ core Linux-based operating systems, which power their satellite communication networks. Once inside, they disabled Falcon — the central program responsible for managing Iran’s maritime communications infrastructure.
“The disruption is severe and targeted,” said a European maritime security analyst, who noted that satellite communication systems are a lifeline for global shipping operations. “Cutting off ships from their ports not only creates immediate chaos but also raises serious safety concerns.”
The National Iranian Oil Tanker Company and Iran Shipping Lines have not publicly confirmed the extent of the damage, but shipping trackers noted irregular movements and delays in recent days. Some vessels reportedly lost access to satellite navigation assistance, forcing crews to rely on backup procedures.
This cyberattack comes amid heightened tensions in the Gulf region, where shipping routes are often at the center of geopolitical disputes. Iran’s maritime fleet plays a crucial role in transporting crude oil and goods, making it a strategic target for cyber sabotage.
The hacking group Lip-Dochtjan framed the attack as an effort to expose vulnerabilities within Iran’s shipping and oil industries. In their statement, they claimed they were able to bypass multiple layers of security, suggesting that Iranian infrastructure remains outdated and poorly defended against modern cyber threats.
Cybersecurity experts caution that such attacks could set a dangerous precedent. “What we are witnessing is not just digital vandalism but a potential weaponization of cyber capabilities against critical national infrastructure,” said an expert in Middle Eastern cybersecurity.
“The fact that an external group could take control of core maritime systems is deeply alarming.” For now, Iranian officials have remained silent on the attack, though maritime operators continue to report difficulties.
The incident highlights the growing threat of cyber warfare in global shipping, where vulnerabilities in communication and navigation systems present lucrative targets for politically motivated hackers.
With oil tankers unable to reliably communicate, the cyberattack has not only disrupted Iran’s internal shipping logistics but also raised fears of ripple effects in international trade, given Iran’s key role in global energy exports.
This unprecedented disruption underscores the fragile nature of maritime cybersecurity, and experts warn it may not be the last attack of its kind.