In mid‑December 2025, French authorities launched an investigation after Italian intelligence alerted them to malware detected onboard the Fantastic, a Grandi Navi Veloci (GNV) ferry docked at Sète on France’s Mediterranean coast.  The malicious software – identified as a Remote Access Trojan (RAT) – possessed capabilities that could allow attackers to remotely seize control of the ferry’s systems.

Two crew members – one Latvian and one Bulgarian – were detained following the alert.  The Latvian remains in custody in France, formally charged with conspiring to infiltrate computer systems on behalf of a foreign power, attempted intrusion, and possessing tools intended to interfere with navigation.  The Bulgarian was released without charges after preliminary checks.

French authorities, aided by Italy and Eurojust, executed searches in Latvia, seizing multiple items including devices for malware deployment.

It is unclear which specific systems were targeted, however navigation and Operational Technology (OT) systems may have likely been the end goal, given the charges included possession of devices that can interfere with navigation, and the investigation included removing equipment from the ferry.

An attack against a vessel’s operational systems would require crew collusion and likely be facilitated via an implant to bridge the Control Systems on the Operational Technology network to the ferry’s IT network for remote access into these sensitive areas.

Cybersplice collaborated in demonstrating how such attacks against maritime vessels are possible, and how these can be actively detected and thwarted.