Sources say Greek companies scan computer systems as war with Iran increases risk of cyberattacks

 Clio

Greek shipowners and other companies are scanning their computer systems for evidence of cyberattacks on the advice of the National Cyber Security Agency following incidents related to the Iran war, two sources said on Wednesday.

The agency last week sent an advisory, seen by Reuters, to security officials at shipping lines, banks and companies in the transportation, telecoms, health and energy sectors, an agency source said, adding that the move was pre-emptive.

An Iran-related hacker group claimed responsibility for a cyberattack on Stryker, a U.S. medical equipment and services provider, on March 11, according to news posted on the organization’s Telegram channel.

Albania also confirmed that its parliament’s digital infrastructure suffered a cyberattack last week, which local media said was the work of a group calling itself Homeland Justice, with links to Iran.

Greek advisory urges scans

Greece’s advisory was marked as “high priority,” urging businesses to conduct scans and notify security officials of confirmed incidents affecting “large international organizations” abroad. It does not name them.

It lists possible indicators of compromise, including IP addresses, tools and malware, such as the VShell remote access Trojan. Anyone who finds evidence of an attack should immediately check their systems and block these IPs, the report said.

Two independent sources said at least two shipping companies had been warned. There has been a surge in electronic interference with commercial ship navigation systems in the Strait of Hormuz and the wider Gulf in recent days.

All sources requested anonymity because they were not authorized to speak to the media.

The first two said Greece had found no evidence of a major attack, but one said “some kind of activity” had been traced.

Greece said the investigation into the confirmed incident revealed that an unidentified, sophisticated threat actor uses a two-tier infrastructure for scanning activity, to attempt unauthorized access, to host malware or run command-and-control mechanisms, and to avoid being traced.

A second source said some of the IP addresses listed in the Greek notification originated in Iran.

(Additional reporting by Fatos Bytyci in Pristina; Editing by Barbara Lewis)
