Intel Brief

Maritime Cyber Intelligence Brief

1–15 June 2026 · Free preview. The full issue — 15 developments across six sections — ships to subscribers by email.

Two stories in brief

Full analysis, recommended actions, tabletop scenarios, and cited sources in the complete issue.

Strait of Hormuz: AIS spoofing learns to lie with names

Between 8 and 14 June, interference in the strait crossed from denial into deception. On top of the usual GNSS jamming, a new identity layer appeared: AIS “trolling” with named spoof handles (“Jersey Devil 404”, “Opium Cargo”) broadcasting vessels that do not exist into the traffic picture. Windward counted six tankers transmitting false positions in the Gulf of Oman. Experts told Sky News the jamming now poses “a real risk to life.”

Why it matters: trolling corrupts the picture while leaving it looking normal. A watchkeeper sees a plausible vessel that isn’t there. In this strait, plan for GNSS denial as the default.

Qilin ransomware hits the body that coordinates the Port of New York & New Jersey

On 8 June the Qilin gang listed the Shipping Association of New York & New Jersey (SANYNJ) on its leak site, claiming to have stolen its data. SANYNJ coordinates terminals, carriers, stevedores and labour across one of North America’s busiest container complexes. It is the coordination layer of the port, not a single terminal. Nobody has confirmed operational disruption yet; for now the claim is just a leak-site listing.

Why it matters: attackers are climbing into the bodies that coordinate ports, where one breach reaches every operator in the complex. Two more cases this fortnight, a shipyard and a freight forwarder, fit the same upstream pattern.

The full brief also covers

Subscribers only — the complete analysis ships by email.

Section 1 · Incidents & Attacks
🔒 DragonForce ransomware lists Cheoy Lee Shipyards — Hong Kong builder of tugs, ferries and crew boats 🔒 Akira ransomware claims Port Air Express — Brooklyn freight forwarder serving “virtually all seaport locations” 🔒 Resecurity’s deep analysis of the Port of Ancona attack — $10M demand, rerouted vessels, port safety plans stolen
Section 2 · Regulations & Standards
🔒 Cyber Europe 2026 — ENISA’s first EU-wide rail-and-maritime cyber crisis exercise 🔒 Inmarsat NexusWave receives ClassNK cyber type approval against IACS UR E26/E27 🔒 USCG final rule pushes cybersecurity upstream into vessel design and construction
Section 3 · Threats — OT/ICS and GNSS/PNT
🔒 NAVTOR NavBox hard-coded SOAP credentials (CVE-2026-21404) — the only maritime-OT advisory of the fortnight 🔒 India signs INR 449 crore contract for 20 navy GNSS jammers — GNSS denial as a budgeted naval capability 🔒 RNT Foundation reports an LA/Long Beach VTIS spoofing event — +7 vessels over a >100-nautical-mile footprint
Section 4 · Ports & Supply Chain
🔒 Connectivity and cyber converge into bundled managed services — three vendor moves, all citing IACS E26/E27 🔒 Marine insurance folds in active cyber-risk management — CyberOwl, DNV Cyber and The Swedish Club
Section 5 · People, Training & Governance
🔒 IUMI: “Fake IDs on the high seas” — AIS identity manipulation to defeat sanctions screening 🔒 Industry readiness constrained by fragmentation; cyber reframed as financial investment (Posidonia 2026)

Every locked item carries the same depth as the two above: the pattern, the scale, the board-level read, the actions, and where it fits, a tabletop you can run with your team. Every claim cited.

Upcoming maritime cyber events — free

Public events on the forward horizon. No subscription required.

Subscribe

Past issues stay free to read in full. From the June 2026 issue, the complete brief is subscriber-only — each new issue still gets a short free summary.

Monthly
€49/mo
 
  • Full semi-monthly reports
  • Cancel anytime
Subscribe
Semi-Annual
€249/6 mo
€41.50/mo · Save 15%
  • Full semi-monthly reports
Subscribe
Best Value
Annual
€399/yr
€33.25/mo · Save 32%
  • Full semi-monthly reports
Subscribe

Also available in GBP, USD, PLN — select your currency at checkout.