Cyber-Enabled Maritime Sanctions Evasion
Iranian and Russian shadow fleet vessels are using a sophisticated network of over 36 fake websites impersonating maritime authorities and organizations from various countries to evade sanctions. This infrastructure is organized into three clusters with overlapping technical features, indicating a coordinated ecosystem supporting multiple evasion networks. Techniques include automated document generation, typosquatting, identity spoofing, and mutual endorsement among fraudulent entities. The operation is linked to an Indian web development company and two Syrian nationals. The campaign targets maritime sanctions enforcement by creating a complex web of fraudulent maritime legitimacy.
AI Analysis
Technical Summary
This campaign involves Iranian and Russian shadow fleet vessels leveraging a complex online infrastructure of more than 36 inauthentic websites that mimic official maritime registries, national administrations, seafarer training bodies, protection and indemnity clubs, and classification societies from multiple jurisdictions. The infrastructure is divided into three clusters (Alpha, Bravo, Charlie) with technical overlaps, suggesting a coordinated ecosystem facilitating sanctions evasion. Operators use tactics such as automated document generation, typosquatting, identity spoofing, and mutual endorsement loops between fraudulent entities to create a credible facade. Attribution includes an Indian web development firm and two Syrian nationals. The infrastructure supports at least seventeen vessels involved in sanctions evasion activities.
Potential Impact
The campaign enables sanctioned vessels to evade maritime sanctions by creating fraudulent legitimacy through fake websites and documents, undermining enforcement efforts. This facilitates continued operation of shadow fleet vessels despite international sanctions, potentially allowing illicit trade and movement of goods. The use of sophisticated online infrastructure complicates detection and attribution, increasing the challenge for maritime authorities and sanctions enforcement agencies.
Mitigation Recommendations
No official patch or fix applies as this is a campaign involving fraudulent infrastructure rather than a software vulnerability. Mitigation involves enhanced maritime sanctions enforcement, verification of vessel documentation against trusted sources, and awareness of typosquatting and fraudulent maritime websites. Authorities should monitor and block identified fraudulent websites and coordinate internationally to disrupt the supporting infrastructure. No vendor advisory or direct remediation is available; response relies on operational and intelligence measures.
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.recordedfuture.com/research/media_12cb79eec13b6af7520af3c1ae6768c0f4b25e945.gif?width=1200&format=pjpg&optimize=medium, https://www.recordedfuture.com/research/cyber-maritime-sanctions-evasion
- Adversary: null
- Pulse Id: 6a2add68a8beede13c14c559
- Threat Score: null
Indicators of Compromise
Url
| Value | Description |
|---|---|
| http://beninmaritime.org/ship-registry | — |
| http://static.eigbox.ne | — |
Threat ID: 6a30564e0b89be688885b445
Added to database: 6/15/2026, 7:45:18 PM
Last enriched: 6/15/2026, 8:01:12 PM
Last updated: 6/15/2026, 9:48:05 PM