Maritime Cyber‑Espionage Escalates in Nordic Region as Shadow Fleets and GPS Spoofing Resurface
Norwegian‑led maritime cyber‑resilience centre Norma Cyber has reported a sharp rise in state-backed cyber‑espionage targeting ships and port infrastructure across the Nordic region. In 2024 alone, the centre recorded 239 disruptive cyber‑incidents—many linked to the pro‑Russian hacking group NoName057(16). These incidents included phishing campaigns, infected USB devices, and compromised satellite communications systems, illustrating the broad spectrum of cyber vulnerabilities facing maritime operations.
Electronic warfare continues to intensify at sea, particularly in Baltic and Arctic waters. Authorities have observed GPS jamming and spoofing incidents, most notably around Finland and Sweden, which are likely attributable to Russian operations designed to displace ships by miles, thus undermining navigational safety. Norma Cyber emphasises that crews must retain proficiency in traditional navigation techniques to compensate when digital systems are compromised.
Meanwhile, maritime security experts have identified a growing presence of unregulated oil tankers known collectively as the “shadow fleet.” Estimates suggest this fleet comprises between 600 and 900 ageing vessels that evade Western sanctions through practices such as disabling tracking systems, flying flags of convenience, and engaging in ship‑to‑ship transfers. Many of these vessels lack proper insurance and regulatory oversight, posing serious environmental and safety risks. Some shadow fleet tankers may even serve intelligence‑gathering roles, outfitted with surveillance equipment to monitor neighbouring coastal states.
Hybrid warfare tactics are increasingly evident in maritime domains. In December, Finland seized the Eagle S tanker after undersea power and data cables were cut in Finnish waters. Investigations suggest such incidents may be deliberate acts of sabotage rather than accidents. NATO has responded by establishing surveillance and protection missions, such as Baltic Sentry and the AI‑supported “Nordic Warden,” using naval drones, aircraft, and AI systems to monitor suspicious vessels and critical undersea infrastructure.
This convergence of cyber‑espionage, navigational interference, and shadow‑fleet operations highlights a sophisticated grey‑zone strategy by states such as Russia, Iran, and China. While these tactics fall short of conventional warfare, they significantly threaten global shipping, environmental safety, and undersea infrastructure resilience. Maritime authorities, shipping companies, and coastal nations must urgently enhance cybersecurity training, reinforce maritime situational awareness, and improve regulations governing vessel identity and ownership.