Cyber Incident Victim: DNV
Date: Jan 2023
Location: Norway
Summary
A ransomware attack targeted a major maritime software supplier, impacting approximately 1,000 vessels by forcing the shutdown of IT servers supporting its ShipManager system. The affected organization confirmed offline functionalities remained operational and no other services or data were compromised, while collaborating with law enforcement and cybersecurity firms to address the incident. This event aligns with broader ransomware trends affecting the maritime sector, including prior attacks on port infrastructure and logistics companies that disrupted critical operations and supply chains. U.S. officials have highlighted cyber threats as a significant risk to port security infrastructure.
Description
On January 7, 2023, Oslo-based maritime classification society DNV experienced a ransomware attack targeting its ShipManager software platform, forcing the company to shut down IT servers connected to the system. The attack disrupted online functionalities of ShipManager, a critical software suite used for technical management of vessel operations, certifications, and compliance. DNV confirmed approximately 1,000 vessels across 70 customer organizations were impacted by the server outage. The company maintained that onboard, offline functionalities of ShipManager remained operational during the incident, allowing basic vessel operations to continue unaffected. No evidence suggested compromise of other DNV software products or corporate data beyond the ShipManager infrastructure. DNV initiated daily communications with affected customers to provide updates from ongoing forensic investigations while collaborating with Norwegian law enforcement and external cybersecurity firms to manage the incident response.

As the world’s largest classification society, DNV provides technical certification services for over 13,175 vessels and offshore structures, generating over $2 billion in annual revenue during 2021. The incident occurred amid escalating cyber threats against maritime infrastructure globally, including the LockBit ransomware attack on Portugal’s Port of Lisbon two weeks prior and multiple European port disruptions throughout 2022. Historical precedents included February 2022 attacks against German oil logistics firms Oiltanking and Mabanaft that disrupted fuel distribution networks, forcing one company to declare force majeure. U.S. Department of Homeland Security Secretary Alejandro Mayorkas had previously identified cyberattacks as the most significant threat to port infrastructure during November 2022 congressional testimony, emphasizing coordinated cybersecurity efforts between Customs and Border Protection and the U.S. Coast Guard. The DNV attack exemplified persistent targeting of maritime operational technology systems with potential cascading impacts on global shipping logistics.
