Maritime ports are facing a deluge of cyber attacks from state-backed hackers, according to a new policy brief from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE). Handling 80% of world trade and underpinning NATO’s logistics chain, ports are now magnets for cyber aggression from Russia, Iran, and China, as well as ransomware gangs and politically motivated hacktivists, the report warns.
The brief outlines an increasingly aggressive threat landscape. Russian GRU-linked APT28, Iranian groups like APT35 and MuddyWater, and Chinese operations such as Mustang Panda are all actively targeting port systems—including access control, vessel traffic services, and fuel terminals.
Meanwhile, ransomware attacks and DDoS campaigns continue to hit major European terminals, with groups like BlackCat and NoName057 causing trouble in Hamburg, Antwerp, and Felixstowe. The civil-military divide is compounding the crisis: most ports are under private ownership, yet serve dual military functions with little integration into NATO’s cyber defences.
The CCDCOE calls for urgent reforms—updating NATO’s maritime strategy, boosting intelligence-sharing, and embedding cyber training in NATO exercises—to prevent future digital blockades at the world’s docks.
Singapore faced a major cyber threat over the weekend, with Coordinating Minister for National Security K. Shanmugam confirming a serious attack targeting the city-state’s critical infrastructure. Authorities attribute the assault to UNC3886, a sophisticated, state-linked espionage group with potential ties to China. The breach, classified as an advanced persistent threat, was aimed at high-value systems including energy grids, transport networks, and financial institutions, risking disruptions to essential services like power, ports, and airports.