NATO has issued a warning to ports about cyberattacks in a prepared report.
According to the report, ports, which handle 80% of global trade and form the backbone of NATO’s logistics chain, have now become “magnets” for cyberattacks by Russia, Iran, and China, as well as ransomware gangs and politically motivated hacktivists.
The report outlines an increasingly aggressive threat landscape. Russian GRU-linked APT28, Iranian groups like APT35 and MuddyWater, and Chinese operations such as Mustang Panda are all actively targeting port systems, including access control, vessel traffic services, and fuel terminals.
Meanwhile, groups like BlackCat and NoName057 have caused disruptions in Hamburg, Antwerp, and Felixstowe, while ransomware attacks and DDoS campaigns continue to hit major European terminals. The civilian-military divide is deepening the crisis: most ports are privately owned yet serve dual military functions, with minimal integration into NATO’s cyber defenses.
The CCDCOE is calling for urgent reforms, such as updating NATO’s maritime strategy, increasing intelligence sharing, and incorporating cyber training into NATO exercises, to prevent future digital blockades in global ports.
Singapore faced a major cyber threat over the weekend as K. Shanmugam, the coordinating minister for national security, confirmed a serious attack targeting the city-state’s critical infrastructure. Authorities attribute the attack to UNC3886, a sophisticated, state-linked espionage group with potential ties to China. Classified as an advanced persistent threat, the breach targeted high-value systems like energy grids, transportation networks, and financial institutions, risking disruptions to essential services such as electricity, ports, and airports.
