Crew Member Arrested After Remote-Control Malware Found On Passenger Ferry In France

French authorities have opened a counter-intelligence investigation after malware capable of remotely accessing a ship’s operating systems was discovered on a passenger ferry while it was docked at the Mediterranean port of Sète.

The case involves the ropax ferry Fantastic, which can carry 2,168 passengers and is operated by the Italian shipping company GNV, part of MSC.

Prosecutors in Paris said a Latvian crew member has been arrested and charged after Italian authorities warned that the vessel’s computer systems may have been compromised.

According to investigators, the suspected malware was a Remote Access Trojan (RAT), a tool that can allow hackers to gain remote control of computer systems.

Italian officials had alerted France that the ferry’s operating system could have been infected, prompting French security services to intervene.

Two crew members, one Latvian and one Bulgarian, were detained last week after their identities were shared with French authorities by Italy.

The Bulgarian national was later released without charge, while the Latvian seafarer was formally charged and placed under arrest.

The Paris prosecutor’s office said the charges relate to hacking-related offences and alleged participation in a criminal conspiracy intended to serve the interests of an unidentified foreign power.

The investigation is being led by France’s domestic intelligence service, the General Directorate for Internal Security (DGSI), reflecting the seriousness of the case.

Prosecutors said they are examining a suspected attempt by an organised group to attack an automated data-processing system.

France’s Interior Minister Laurent Nunez said investigators were treating the incident as a serious matter involving unauthorised access to a ship’s data-processing systems.

He added that authorities were exploring the possibility of foreign interference, noting that such activity is increasingly linked to a single country, though he did not name any state. He also declined to speculate on whether the suspected aim was to divert the vessel from its route.

French and other European governments have repeatedly warned that Russia is intensifying what they describe as “hybrid warfare” against Ukraine’s allies, including cyberattacks, sabotage and other forms of interference.

Following the discovery of the malware, the Fantastic was cordoned off in port and subjected to an emergency inspection by the DGSI. Several items were seized during the operation.

After technical checks were completed and no danger to passengers or crew was identified, maritime authorities cleared the vessel to return to service.

The Paris prosecutor’s office said related search operations were also carried out in Latvia with the support of Eurojust, the European Union’s judicial cooperation agency.

GNV said it had been the first to alert Italian authorities after identifying an attempted intrusion into its computer systems. The company stated that the intrusion had been detected and neutralised, adding that it had no operational consequences and that its systems remain protected.

The lawyer representing the Latvian crew member said the suggestion of Russian interference raised in some media reports appeared unnecessary, adding that the investigation would clarify the outstanding questions and show the situation was less alarming than initially portrayed.

References: france24, apnews

Source: Maritime Shipping News