In December 2023, hacker group “Predatory Sparrow”, believed to be connected to Israeli intelligence, shut down 70% of Iran’s gas stations.
By Hezy Laing
A sweeping cyber offensive has disabled over 60 Iranian oil tankers and cargo vessels, striking a severe blow to the country’s oil export infrastructure.
The ships’ navigation and communication systems were knocked offline, plunging the fleet into a digital void and severely disrupting Iran’s maritime operations.
Already under heavy sanctions from the United States, United Kingdom, and European Union for support of terrorism and nuclear ambitions, Iran now faces a new crisis.
The National Iranian Tanker Company (NITC), which transports around 11 million tons of crude annually, and the Islamic Republic of Iran Shipping Lines (IRISL), which operates 115 ships globally, are central to Iran’s embattled economy.
The consequences are dire.
Iran’s oil shipments—often covertly routed to buyers like China—are now delayed, with vessels drifting aimlessly.
The lack of communication with military escorts has also raised serious safety concerns.
“Without communication, these ships are sitting ducks,” said one maritime analyst.
Insurance premiums for Iranian vessels are expected to rise sharply due to the increased risks.
Sealed Lips
A hacker collective known as Lab Dookhtegan, or “Sealed Lips” in Persian, has claimed responsibility.
They say they disabled the Falcon software that links ships to their ports, effectively severing all lines of contact.
According to the group, they targeted 39 tankers and 25 cargo ships operated by NITC and IRISL.
The breach was reportedly executed by infiltrating Linux-based satellite systems via the Fanava Group, an Iranian tech company responsible for maritime communications.
“We obliterated Fanava,” the hackers boasted, leaving crews isolated and port authorities in the dark.
This isn’t Lab Dookhtegan’s first strike. In 2019, they exposed Iran’s cyber-espionage operations.
This latest attack coincided with U.S. military actions against Iran-backed Houthi forces in Yemen, suggesting a calculated geopolitical maneuver.
Iranian officials and the affected companies have yet to respond publicly, but given Lab Dookhtegan’s history, their claims carry weight.
The group also hinted that this is merely the beginning of a broader campaign.
Strategic Objectives
The cyberattack seems to have been designed with multiple strategic objectives in mind.
By targeting Iran’s oil exports, the attackers aimed to inflict economic damage, striking at the country’s primary source of revenue.
The disruption also extends to military logistics, as many of the affected tankers play a dual role in supporting operations for the Islamic Revolutionary Guard Corps (IRGC).
Beyond the tangible consequences, the attack carries a psychological dimension as well—exposing critical vulnerabilities in Iran’s infrastructure and eroding public trust in the regime’s ability to safeguard its assets.
Israeli Involvement?
While no official attribution has been made, the scale and precision of the attack suggest a nation-state actor with advanced cyber capabilities.
Israel, known for its covert cyber operations, has not commented.
Cybersecurity experts believe the attackers exploited outdated systems and weak credentials to deploy malicious code.
“This was no amateur job,” one expert noted. “It required months of reconnaissance and sophisticated automation.”
Lab Dookhtegan’s cryptic reference to “friends who hate our enemies” has fueled speculation about foreign backing.
One analyst likened the operation to the infamous Israeli Stuxnet virus that disrupted Iran’s nuclear program in 2010.
Historical Context
Israel has previously been linked to sabotage efforts targeting Iranian oil transport.
Since 2019, Israel has disabled over a dozen Iranian ships; many en route to Syria were reportedly hit with naval mines and other tactics.
In December 2023, another hacker group, Gonjeshke Darande (“Predatory Sparrow”), believed to be connected to Israeli intelligence, claimed responsibility for a cyberattack that shut down 70% of Iran’s gas stations.
That incident coincided with Iranian naval drills in the Gulf of Oman, suggesting deliberate timing.
Both NITC and IRISL are under international sanctions and play key roles in Iran’s oil trade and military logistics, including support for the IRGC’s Quds Force.