**Passenger Ferry Held for Hours After Suspected Russian Hack**

A passenger ferry was held in the southern French port of Sète for hours on Saturday after European investigators suspected a breach by Russian military hackers, according to people familiar with the matter.

The ferry, operated by MSC's Grandi Navi Veloci unit, was preparing to sail to Algeria when it was immobilized to allow authorities to confirm that operational systems had not been compromised. The vessel eventually departed on Sunday morning after a thorough investigation.

According to sources, the breach is believed to have originated from Russia's military intelligence agency, the GRU. While no official attribution has been made, forensic analysis and overlapping tools, techniques, and procedures with activity described in public reporting by US agencies point towards a Russian connection.

The incident has raised concerns among security officials about the cybersecurity risks facing maritime transport, particularly physical attempts to access ships' onboard networks for tampering and conducting long-term surveillance. MSC controls the world's largest container fleet and plays a key role in global trade linking Europe, Asia, and the US.

With the vast majority of world trade carried by maritime transport, such breaches pose a significant global security risk. Hacks can ripple across supply chains, threaten critical infrastructure, and expose sensitive military and commercial movements worldwide.

The hackers attempted to gain access to the ship's office computer network, which would have enabled them to impersonate a legitimate user. However, they did not reach operational systems such as navigation, propulsion, or its Automatic Identification System (AIS).

Investigators said that segregation between office and operational networks, along with the absence of remote access to critical controls, prevented lateral movement and ruled out sabotage or hijacking scenarios.

**Previous Incidents and Similarities**

The same ship had been previously targeted in November when investigators found a Raspberry device, a concealed miniature computer no larger than a deck of cards, connected to a shipboard computer in a restricted-access area. The device was removed after triggering security alerts and later subjected to forensic analysis.

In the latest incident, a second Raspberry device was discovered last week and connected to a different onboard computer. Like the first device, it was paired with a cellular modem, enabling remote access to the ferry's internal computer network and external connections. The device remains under judicial seizure and has not yet been fully analyzed.

Investigations have identified similarities in how the attackers established and maintained contact with external command-and-control servers, the structure of those connections, and the behavior of files introduced into the target environment. Such patterns are consistent with operations previously attributed to Russia's GRU, including Unit 29155.

**Ongoing Investigation**

The inquiry involving French and Italian officials remains ongoing, with authorities examining whether the attempted intrusion is linked to Russia's military intelligence agency. A spokesperson for the Kremlin did not immediately respond to a request for comment.

French media outlet Le Parisien previously reported that French intelligence services were investigating the discovery of spyware aboard the ferry and considering a possible Russian link. With concerns about cybersecurity risks in maritime transport continuing to rise, officials suspect that a third Raspberry device may still be active aboard another vessel.

**Related Articles**

* [Insert related articles here]

**Stay Up-to-Date with Automatic Alerts for This Topic**

Get the latest news and updates on this topic delivered directly to your inbox. Sign up for automatic alerts and stay informed about the latest developments in cybersecurity and maritime transport.