Crew member Arrested for Planting "Foreign" Malware on Italian Ferry

The discovery is a potentially severe example of a digital attack at sea, and it is the latest sign that the shipping industry has become a target in geopolitical maneuvering and hybrid warfare. Vessel operator GNV discovered the installation of a Remote Access Trojan (RAT) on systems aboard the ferry Fantastic, and "neutralized" it "without consequences." A RAT is a type of malware that can enable a hacker to extract data from a target system and potentially exert remote control over it as well. 

GNV and other stakeholders did not specify what type of shipboard system was targeted - whether business IT, passenger-facing IT, or one of the compartmentalized OT systems that control navigation or mechanical systems. Without that information, the potential implications of the attack are unclear. 

GNV notified Italian authorities, who tipped off French police. On arrival at the French port of Sete, authorities boarded the ship and detained two crewmembers, one Latvian and one Bulgarian national. The Latvian crewmember has been charged with "conspiring to penetrate a data processing system on behalf of a foreign power."

According to prosecutors in Paris, the malware insertion was carried out by "an organized group to attack an automated data-processing system, with the aim of serving the interests of a foreign power." French Interior Minister Laurent Nunez did not name Russia, but in an interview with French media he noted that "these days one country is very often behind foreign interference." 

The investigation continues, and the ferry has been cleared to resume normal operations.