IoT Hack
Someone hacked an Italian ferry.
It looks like the malware was installed by someone on the ferry, and not remotely.
Rontea • December 26, 2025 11:14 AM
Incidents like this highlight the real-world risks of remote access tools (RATs) and the importance of operational security. Attackers often exploit weak authentication, unpatched software, or insider access to deploy RATs that can silently exfiltrate data or sabotage critical systems. Defense requires a multi-layered approach: enforce strong access controls, keep systems updated, monitor for unusual activity, and segment networks to contain potential breaches. Ultimately, technical measures only go so far—training staff to recognize social engineering and maintaining a culture of security awareness are essential to reducing risk.
jelo 117 • December 26, 2025 1:08 PM
@ KC
The englished version looks like AI, and probably, from other articles in Le Parisien, so was the original.
lurker • December 26, 2025 7:30 PM
What makes this an “IoT Hack”?
It looks more like an “Evil Maid” attack to me. So far all we have is lost in translation MSM stories, indicating that maybe there were devices involved in the possession of crew members on the ship. Presumably the internet connection was incidental, and not required for operation of the ship, so it was not previously a Thing on the IoT. But after the malware was installed it became a Thing.
As for Russian involvement, I’m with the Latvian’s lawyer who said the “theory of Russian interference evoked in the press seems superfluous.” Perhaps recent French actions have offended Russia, but this ship operated France-Italy-Morocco-Tunisia. There has been significant recent comment out of the Maghreb concerning unfinished business with the Saharoui.
Clive Robinson • December 26, 2025 9:38 PM
@ ALL,
The article does not actually make clear why the French are involved with what would normally be an Italian investigation.
It all pivots on you knowing that the port of Sète on the Mediterranean is actually on “French territory”.
But it further begs the question,
“Why was this Russian RAT found in France, not Italy the flag nation of the ferry operator?”
So, there might be a lot more going on than the article mentions or implies.
Clive Robinson • December 26, 2025 11:49 PM
@ lurker, ALL,
You ask the question,
‘What makes this an “IoT Hack”?’
To which the article that the given link points to does not say anything.
However it’s not an unreasonable supposition or hypothesis, given modern Security CCTV systems, entertainment systems, and cabin and public area WiFi etc.
IoT systems are notoriously insecure and high bandwidth. Thus it’s “almost a given” that they would be used for obtaining a “toe-hold” in the onboard networks where possible.
We’ve also seen this alleged on other “public access transport” systems that, in addition to a control network, also provide public access, entertainment, or ePos system support.
However, as the type of crime that might be further committed is likewise not given in the article, we need to take care in what we assume. Such as,
“In a sensible system set-up the ship’s control network would be both segregated and physically isolated from any public access, entertainment, or ePos networks and systems”.
Such segregation and physical isolation would be considered part of “Best Practice”. But having physically separate networks is actually unlikely on “cost sensitive” deployments…
lurker • December 27, 2025 1:11 AM
@Clive Robinson
“the port of Sète on the Mediterranean is actually on “French territory”.”
Well, yes, it is in France, Region: Occitania, Department: Hérault, Arrondissement: Montpellier, about 150km west of Marseille, and as long as the ship is tied up to the wharf French law applies. It is still tied up there 20251227:0555UTC according to https://live-radar.org/ship-radar/
“Why was this Russian RAT found in France, not Italy the flag nation of the ferry operator?”
From the confusing MSM reports we might surmise it came on board in Italy, was installed at sea, and detected shortly before, after, or during berthing at Sète.
“So, there might be a lot more going on … ”
Indeed, but now that the French Cybersecurity wallahs have taken over we will know a lot less than if it had been investigated under International Maritime Law.
KC • December 26, 2025 11:02 AM
The ‘Le Parisien’ article refers to a tool of ‘very high technicality’ used to install a RAT (remote access tool).
In the following paragraph ‘le fameux’ is translated to ‘famous.’ But it appears a better translation might be ‘mysterious’?
The “Fantastic” sails between France, Italy, and the Maghreb and can carry up to 2,000 passengers. I was also wondering what the purpose of remote access to a civilian vessel would be. Interesting that these are the purposes mentioned.