French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel.
As the Paris prosecutor’s office announced this week, a Bulgarian national has been released without any charge, while a Latvian suspect who recently joined the crew of the Fantastic ferry (owned by Italian shipping company Grandi Navi Veloci) remains detained and was transferred to Paris on Sunday.
The Latvian crew member now faces charges of conspiring to infiltrate computer systems on behalf of a foreign power after a remote access tool was discovered aboard the ferry, as Le Parisien first reported.
“The urgent investigations carried out by the DGSI have led to the seizure of a number of items that will need to be examined, and are continuing under the direction of the investigating judge, in close cooperation with the Italian authorities,” the Paris prosecutor’s office said.
The malware was discovered by GNV, which alerted Italian authorities and France’s General Directorate of Internal Security, the nation’s counterespionage agency, that computer systems aboard the Fantastic ferry had been infected with suspicious software while docked at the Mediterranean port of Sète.
While GNV has yet to share which systems were targeted, it said that the malware was neutralized “without consequences,” according to a France 24 report.
French Interior Minister Laurent Nuñez has also confirmed that the investigation involves suspected foreign interference.
“This is a very serious matter… individuals tried to hack into a ship’s data-processing system. Investigators are obviously looking into interference. Yes, foreign interference,” Nuñez told French media.
“These days one country is very often behind foreign interference,” he added, without explicitly naming Russia, which has been linked to a wide range of sabotage operations across Europe in recent years.
On Friday, Nuñez also confirmed that the French Ministry of the Interior’s e-mail servers were breached in a cyberattack. On Tuesday, French authorities arrested a 22-year-old suspect linked to this incident.
The suspect was charged with unauthorized access to an automated personal data processing system as part of an organized group and is now facing a maximum sentence of 10 years in prison.
Broken IAM isn’t just an IT problem – the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what “good” IAM looks like, and a simple checklist for building a scalable strategy.