Source linked

36 Fake Shipping Sites Expose Shadow Fleet Sanctions Playbook

recordedfuture.com@threat_watch3 hours ago·Cybersecurity·2 comments

Recorded Future's Insikt Group uncovers 36 inauthentic websites across three clusters generating fraudulent maritime documents for Iranian and Russian shadow fleets, linked to 17 already-sanctioned vessels.

recorded futureinsikt groupsanctions evasionmaritime securityshadow fleetthreat intelligence

Over 36 inauthentic websites across three clusters are generating fake maritime documents for Iranian and Russian shadow fleets, and Recorded Future's Insikt Group found explicit connections to 17 vessels—most already sanctioned by OFAC and other authorities.

Three Clusters, One Fraud Ecosystem

Clusters Alpha, Bravo, and Charlie share infrastructure, domain registration patterns, and OPSEC mistakes despite appearing as separate networks. Alpha was at least partially built by an Indian web development shop called Oceaniek Technologies. Bravo links to two Syrian nationals, one with a record of illicit activity. Charlie remains unattributed but shares technical DNA with Bravo.

Each cluster impersonates national maritime administrations and ship registries from Comoros, Benin, Bhutan, Cameroon, Chad, Equatorial Guinea, Gambia, Haiti, Malawi, Nicaragua, and Zambia. One site posing as Benin’s Maritime Administration even offers a self-service tool to generate fraudulent seafarer documents from Benin, Comoros, and Nicaragua.

The Compliance Stack Gets Faked

The websites replicate every layer of legitimate maritime compliance: ship registries, classification societies, protection and indemnity (P&I) clubs, seafarer training and certification organizations. Threat actors aren't just forging single documents—they're building credible front companies with layered digital identities to survive due diligence checks.

Automated document generation and layered hosting infrastructure make detection harder. Traditional sanctions evasion relied on weak jurisdictional oversight; this adds cyber-enabled scale and plausibility. A fictional classification society with a convincing website can get a shadow fleet vessel past insurance and port-state inspections.

What This Means for Compliance and Enforcement

Organizations in maritime and shipping need to integrate independent verification with cyber threat intelligence. Looking up a registry URL isn't enough when the registry itself is fake. The report links this activity to prior work from Bellingcat and Lloyd’s List, showing the problem has been building for years.

Governments whose authorities are being impersonated should prioritize coordinated takedowns of fraudulent infrastructure, especially when attackers claim legitimacy across multiple jurisdictions. Without that, the cyber-enabled SENs will keep churning out documents faster than anyone can check them.

Source: Cyber-Enabled Maritime Sanctions Evasion
Domain: recordedfuture.com

Read original source ->

External source stays available while the OJO article and comment thread stay local.

More in Cybersecurity

view topic
Yarbo's Hard-Coded MQTT Credentials Expose Entire Robot Fleet to Takeover

Two critical vulnerabilities let attackers with extracted credentials read telemetry and send commands to any Yarbo robot globally-no per-device authorization required.

Seven Critical Bugs in Naxclow IoT Expose Every Device to Remote Takeover

CISA published details of 7 unpatched CVEs in Naxclow's IoT platform, including a hard-coded signing salt and non-rotating relay credentials, with a CVSS 9.8 and zero vendor response.

Brickcom Cameras Expose Live Feeds via Unauthenticated /ONVIF and Default Creds

Two CVEs (7.7/8.3) allow any attacker to grab snapshot images and silently access camera feeds-Brickcom never responded to CISA's disclosure.

124 Days for AMD to Add One Letter to Fix an RCE

A trivial MITM vulnerability in AMD's AutoUpdate let attackers replace executables with any payload - and the fix was simply changing HTTP to HTTPS.

Comments load interactively on the live page.