A hacker group said it disabled communications on more than 60 Iranian oil tankers and cargo ships, severing links between the vessels, their ports, and the outside world in one of the largest cyberattacks on the country’s maritime sector, reported Iran International on Friday.
The group, known as Lab-Dookhtegan (Sewn Lips), hacked into the systems of the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Lines (IRISL), disrupting operations on 39 tankers and 25 cargo ships.
Both companies were sanctioned by the US Treasury in 2020 for aiding the Iranian Revolutionary Guard Corps’ Quds Force.
The attack took place as the navy was carrying out maneuvers in the Gulf of Oman.
The breach was carried out by infiltrating Fanava Group, an Iranian IT and telecoms holding company that provides satellite communications, data storage, and payment systems, they revealed.
They said they obtained “root-level” access to the Linux operating systems running the ships’ satellite terminals, enabling them to stop Falcon, the control software at the heart of Iran’s maritime communications, added the report.
Stopping Falcon means complete disconnection between the ships and shore, the group said, adding that the hack rendered automatic identification system (AIS) tracking and satellite links inoperable.
This is not the first time Iranian shipping has been targeted. In March 2025, Lab-Dookhtegansaid it disrupted the communications of 116 vessels belonging to the same two firms. At the time, the group claimed the attack was timed to coincide with US operations against Iran-backed Houthis in Yemen.
US and European sanctions have already limited Iran’s access to advanced maritime technology, insurance, and international ports, leaving the fleets more exposed to cyber and physical threats.
