GNV ferry fantastic under cyberattack probe amid remote hijack fears
December 17, 2025
French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack.
French prosecutors are investigating a suspected cyberattack on the GNV ferry Fantastic, raising fears of a potential remote hijack.
The ferry Fantastic sails between Sète and North Africa, and French authorities are investigating a suspected attempt to compromise the ship’s IT systems.
Italian intelligence, prompted by GNV, alerted French authorities about two sailors, a Latvian and a Bulgarian, suspected of spying for a foreign power. The Paris prosecutor’s cybercrime unit is investigating an organized attack on automated data systems, allegedly to serve a foreign power.
The Bulgarian citizen was released, while the Latvian was charged in Paris with conspiracy to serve a foreign power, attempted computer system intrusion, and possession of devices to interfere with navigation systems.
“The company has identified and neutralised an attempted intrusion with no consequences on effectively protected company systems,” GNV told to Il Sole 24Ore, “and has taken steps to report the incident to the competent authorities. The company has therefore cooperated and continues to cooperate in the course of the investigation. During the recent police operations, which took several hours, the ship assured the authorities of its full cooperation and confidentiality, at the same time guaranteeing constant updates and assistance to passengers”.
Media reports suggest the investigation is focusing on Russia amid ongoing hybrid warfare incidents in European and French waters.
The inquiry, prompted by GNV, examines whether the ferry Fantastic’s systems were exposed to malware capable of controlling the ship. The vessel was temporarily sealed for safety checks and has since returned to sea. The Italian police and Eurojust performed searches in Latvia and seized assets for analysis.
“The vessel was initially sealed to allow all necessary checks regarding the compromise of the IT system and to avoid any risk to the safety of those on board,” the Paris prosecutor’s office explained. “The seal was removed on Saturday once the technical assessments were completed. The ship returned to sea following decisions taken by the competent maritime administrative authorities.”
GNV reported that its defenses successfully blocked and contained an intrusion attempt without impact on company systems, promptly notifying authorities and cooperating fully during police operations while keeping passengers informed.
The case highlights three key trends: growing strategic focus on maritime infrastructure, the use of insiders or physical access in OT/IT systems, and public discourse swinging between alarm and reassurance. It underscores the value of early detection, responsible disclosure, and cross-border cooperation (Italy–France–Latvia–Eurojust) in maritime cybersecurity.
“The computer systems that control ships are not, by default, connected to the internet. Very few onboard computers have permanent connections. The risk that a ship could be remotely controlled is near zero because it is extremely difficult to implement.” Maritime cybersecurity specialist Olivier Jacq told Le Parisien. “There are about 200,000 ships in the world’s oceans, and none have been hijacked via cyber means, despite serious ongoing geopolitical conflicts.” In other words, a Hollywood-style remote takeover is extremely unlikely; it is more realistic to consider espionage attempts, unauthorized access, or manipulation of data and processes.
If further technical details emerge – on the nature of the alleged trojan, the targeted systems, and whether this was reconnaissance, pre‑positioning or something more – the Fantastic investigation could become a key case study in how Europe handles suspected state‑linked cyber activity against maritime assets.
Pierluigi Paganini
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, GNV ferry Fantastic)