By Renee Maltezou and Yannis Souliotis ATHENS, March 18 (Reuters) - Greek shipowners and other companies are scanning their computer systems for evidence of cyberattacks after advice from the National
Greek firms scan computer systems as Iran war raises cyberattack risks, sources say
Rising Cybersecurity Concerns Amid Iran War
By Renee Maltezou and Yannis Souliotis
ATHENS, March 18 (Reuters) - Greek shipowners and other companies are scanning their computer systems for evidence of cyberattacks after advice from the National Cybersecurity Authority, two sources said on Wednesday following incidents that have been linked to the Iran war.
The authority last week sent an advisory, seen by Reuters, to security officers of shipping companies, banks and firms in the transport, telecommunications, health and energy sectors, a source at the authority said, adding that the move was pre-emptive.
Recent Cyberattack Incidents Linked to Iran
An Iranian-linked hacking group claimed responsibility on March 11 for a cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group's Telegram channel.
Albania has also confirmed a cyberattack on the digital infrastructure of its parliament last week that local media said was by the Iran-linked, self-styled "Homeland Justice" group.
Albanian authorities told Reuters that any attempt to compromise the country's critical infrastructure has been successfully repelled.
Greek Advisory and Response Measures
GREEK ADVISORY URGES SCANS
The Greek advisory, marked "high-priority", urged firms to perform the scans and inform security officers of a confirmed incident that affected a "large international organisation" abroad. It did not name it.
It listed indicators of possible compromise, including IP addresses, tools and malware, such as the VShell Remote Access Trojan. Anyone finding evidence of attack should immediately review their systems and block those IPs, it said.
Two separate sources said at least two shipping companies have received the warning. Electronic interference with commercial ship navigation systems has surged in recent days around the Strait of Hormuz and the wider Gulf.
All the sources asked not to be named because they were not authorised to speak to the media.
Investigation Findings and Ongoing Threats
The first two said Greece had yet to find evidence of a significant attack, although one of them said "some sort of activity" had been tracked.
The Greek advisory said an investigation into the confirmed incident had pointed to an unidentified, sophisticated threat actor using two layers of infrastructure to scan activity, attempt unauthorised access, host malware or run command-and-control mechanisms and avoid being traced.
The second source said that some of the IP addresses listed in the Greek advisory originated from Iran.
Albania's Experience and Regional Implications
In 2022, Albania cut diplomatic relations with Iran after a cyberattack against state institutions that it blamed on the Islamic Republic. On Tuesday, the Albanian parliament adopted a resolution declaring Iran a "sponsor of terrorism" and condemning cyberattacks carried out against Albanian institutions.
Asked to comment on the latest attack, government spokesperson Manjola Hasa told Reuters the country has built one of the most advanced cyber defence systems in Europe and will keep strengthening its defences.
Conclusion and Ongoing Monitoring
(Additional reporting by Fatos Bytyci in Pristina; Editing by Barbara Lewis)
