French authorities have launched a major counterespionage investigation into an alleged cyberattack targeting an international passenger ferry, with one crew member currently detained on suspicion of acting for an unidentified foreign power. The case emerged after Italian intelligence services alerted France’s General Directorate of Internal Security about potential malware infiltration in the computer systems of a vessel docked at the Mediterranean port of Sète.
According to the Paris prosecutor’s office, investigators discovered remote access trojan (RAT) software capable of seizing control of the ferry’s operational computers. Interior Minister Laurent Nunez characterized the incident as ‘a very serious affair’ during an interview with France Info, confirming that individuals attempted to breach the ship’s data-processing systems. While the specific intent remains undetermined, Nunez acknowledged investigators are pursuing leads related to ‘foreign interference.’
The investigation led to the arrest of two crew members—one Latvian and one Bulgarian—last Friday. The Bulgarian national was subsequently released after questioning, while the Latvian citizen remains in custody facing preliminary charges of criminal conspiracy and hacking offenses allegedly committed to benefit a foreign power. Search operations were also conducted in Latvia as part of the ongoing probe.
The incident occurs amid growing concerns among European nations about Russia’s alleged ‘hybrid warfare’ tactics, which include cyber operations, disinformation campaigns, and other hostile activities that maintain plausible deniability. Although French officials have not explicitly named Russia, Minister Nunez pointedly remarked that ‘foreign interference very often comes from same country.’
The affected ferry has resumed normal operations following comprehensive security evaluations of its computer infrastructure. The case represents the latest in a series of suspected state-sponsored cyber operations targeting European infrastructure.