470
Views

Hackers Disable Iranian Merchant Shipping Communications

Hacking
iStock / Amgun

Published Aug 24, 2025 1:33 PM by The Maritime Executive

 

Iran International, the London-based media site covering Iranian affairs - which is constantly a target of the Iranian authorities - has carried claims that a hacking group has disrupted the communications of Iran’s merchant fleet. It reports that in a recent attack mounted by the cyber hacker group Lab-Dookhtegan, ship-to-shore communications of 39 tankers and 25 cargo ships belonging to the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Lines (IRISL) were disrupted. Neither NITC nor IRISL have acknowledged any operational impacts.

Little is known of the Lab-Dookhtegan group or its sponsorship, save that from its name it is Iranian-focused. The group carried out similar operations against Iranian shipping in March 2025, claiming to have disrupted the communications capabilities of 116 NITC and IRISL vessels. The attack in March coincided with Operation Rough Rider, during which US forces mounted an air offensive against Houthi targets in Yemen.

Lab-Dookhtegan claims to have carried out its attack by targeting communications services provided to NITC and IRISL by the Fanava Group, the net result being that the host’s Falcon cybersecurity system was breached and ship-to-shore communications and AIS services were disrupted.

The results claimed by Lab-Dookhtegan, about which very little is known, have been technically assessed as being credible by Cyberdome, an Israeli global maritime cybersecurity provider, which has examined the tactics, techniques, and procedures used by Lab-Dookhtegan.

Fanava is an IT and communications company based in Tehran, apparently privately owned. In addition to hosting wide area networks using VSAT satellite equipment, it also has a financial services subsidiary handling card payments. Fanava Group does not seem to appear on US, UK or EU sanctions lists.

In recent months, both the US and UK sanctioning authorities have gone beyond their listings of ships, brokers and owners to include those providing services to dark fleet operations. For example, in July the US Treasury listed ship manager Draco Buren for its role in loading Iranian containers onto ships leased by SeaLead, both Singaporean entities. Then on August 21, the US Treasury listed two Zhejiang port handling companies in Dongjiakou and Yangshan, DJK Oil Products and Yangshan Shengang, on the basis that they had handled Iranian crude cargoes. On the same day, the UK belatedly sanctioned a network of shipping services and commodity companies run by Mohammad Hossein Shamkhani, son of Ali Shamkani. Shamkani (senior) survived an Israeli attack during the 12-Day War and remains a senior security advisor to Supreme Leader Ali Khamenei.

The effectiveness of sanctions is dependent on the willingness of most entities to comply, in effect a form of community self-policing.

But it also relies on the effectiveness of enforcement action against the careless, and those deliberately seeking to circumvent the rules. The US Treasury’s OFAC imposed 12 civil penalties in 2024, issuing a total of $48.8 million in fines. So far in 2025, OFAC has issued seven fines totaling $235.9 million. The UK Treasury’s OFSI in contrast has taken four enforcement actions this year, levying a total of $1.04 million in fines, all directed against Russia/Ukraine-related breaches, none concerned with Iranian oil, and none directed against non-UK domiciles. Dr Helen Taylor, of the Spotlight on Corruption pressure group, described the UK sanctions regime as ‘all bark and no bite’.

The labored UK enforcement action in particular is unlikely to prove any obstacle to the fast-moving networks using front companies, Swiss lawyers, false identities and fictitious addresses which Iranian sanctions-busters are adept at developing. Seizure of valuable oil cargoes at sea is probably the only credible enforcement action, but will present diplomatic challenges and currently lacks a tested legal basis in international maritime law. Such considerations may come to the fore should US and EU3 snap-back sanctions be reintroduced, which is on the cards if Iran prevaricates in negotiations with the EU3, scheduled for August 25 in advance of the October JCPOA deadline.