Investigation launched after malware discovery on civilian vessel
French counterintelligence authorities are investigating a suspected cyberattack on the international passenger ferry Fatastic after malicious software capable of enabling remote control was обнаружено on the ship, raising concerns about foreign interference and maritime safety.
The probe was confirmed on 18 December after French investigators received intelligence suggesting that the ferry’s computer systems may have been compromised while the vessel was docked at the Mediterranean port of Sète. The incident is being treated as a serious national security matter, with officials examining the possibility that a foreign state was behind the intrusion, according to foreign interference after remote control malware found on passenger ferry.
French Interior Minister Laurent Nuñez said investigators were analysing attempts to access the ship’s information systems, describing the case as “very serious” and part of a broader pattern of hostile activity targeting Europe.
Crew detentions raise questions over human vulnerability
Earlier, police detained two members of the ferry’s crew — a Latvian and a Bulgarian national — following information shared by Italian authorities. The Bulgarian citizen was released without charge after questioning, while the Latvian national remains in custody.
French prosecutors said the Latvian crew member is being held on preliminary charges of criminal conspiracy and two alleged offences related to hacking carried out in the interests of an unnamed foreign state. Investigators are now assessing whether the suspects played a direct role in facilitating access to the vessel’s digital infrastructure.
The case has highlighted the risks posed by the human factor in international maritime transport, where multinational crews and complex access systems can complicate background checks and internal controls.
Remote access malware heightens safety concerns
At the centre of the investigation is so-called RAT malware, a type of software sometimes used by cybercriminals to gain remote access to computer systems. Security officials believe such tools could, in theory, allow attackers to interfere with navigation, communications or operational controls on board.
French authorities warned that any successful intrusion into a passenger ferry’s systems could endanger hundreds of lives, either through loss of navigational control or by triggering panic among passengers. As a result, the incident is being assessed not merely as a cybercrime, but as a potential mass-casualty scenario.
The discovery has reinforced concerns that cyber threats now pose risks comparable to traditional physical attacks in the maritime domain.
Russia emerges as primary suspect in hybrid threat context
While officials have stopped short of formally accusing Russia, Nuñez noted that foreign interference “very often comes from the same country”, a remark widely interpreted as referring to Moscow. France and other European allies of Ukraine have repeatedly accused the Kremlin of conducting a hybrid campaign against Europe.
That campaign, according to European security officials, includes sabotage, cyberattacks, disinformation and covert operations designed to destabilise societies without crossing the formal threshold of armed conflict. Previous incidents involving critical infrastructure have shaped the analytical framework now guiding the ferry investigation.
French officials argue that the absence of immediate, definitive proof is consistent with the methods of hybrid warfare, where plausible deniability is a core feature rather than an obstacle.
Transport infrastructure seen as a strategic target
Security analysts note that attacks on civilian transport assets offer multiple advantages to hostile actors. Such operations can create fear and uncertainty, test the responsiveness of security services and expose gaps in crisis management, all while avoiding clear attribution.
The ferry case has intensified calls for European governments to rethink how they protect critical transport infrastructure, shifting focus from purely physical security to integrated cyber and intelligence defences. Authorities warn that without stronger safeguards and closer intelligence cooperation, similar incidents could become more frequent.
French officials stressed that the investigation should be seen as a warning sign for Europe as a whole, underscoring the need for shared standards and faster information exchange to counter evolving hybrid threats.
