The Paris public prosecutor’s office has launched a judicial investigation into a serious case of cyber-espionage involving the Fantastic ferry operated by Grandi Navi Veloci, which was stationary in the port of Sète. The inquiry, opened on 14 December 2025, concerns the possible compromise of the ship’s onboard IT system through a malicious device theoretically capable of allowing remote access to the vessel’s systems. The case is being handled by the prosecutor’s specialist cybercrime unit and has been entrusted to the Direction Générale de la Sécurité Intérieure, France’s domestic intelligence service with responsibilities that include counter-espionage.
According to the prosecutor’s office, the judicial investigation was opened for offences including an attack on an automated data processing system allegedly organised in the interests of a foreign power, participation in a criminal association and the unjustified possession of IT tools designed to compromise digital systems. The legal classification of the case places the inquiry in a particularly sensitive area, going beyond ordinary cybercrime and touching on national security and the protection of critical infrastructure.
The investigation originated from a report sent by the Italian authorities to their French counterparts. The information indicated that the Fantastic’s IT system – the ro-pax vessel operates routes between France and North Africa, in particular between Sète and Tangier – may have been infected with a Remote Access Tool-type malware. This type of software can, under certain conditions, allow remote access to an IT system and exert extensive control over its functions. According to Paris investigators, the ship’s systems were potentially compromised by such a device, triggering security measures and the immediate intervention of the French authorities.
On the basis of the elements provided by Italy, two crew members were detained on Friday 12 December 2025 while the vessel was in the port of Sète. A Latvian national was formally charged on all counts and placed in pre-trial detention at the end of police custody. A second crew member, a Bulgarian national, was released without charge following preliminary checks. The defence of the Latvian suspect, represented by Paris-based lawyer Thibault Bailly, stated that the investigation would clarify several still ill-defined elements and scale back the scope of the case, describing as unnecessary the hypothesis of Russian involvement put forward by parts of the press.
Alongside the arrests, the French authorities ordered the temporary detention of the Fantastic to allow all necessary technical checks on the onboard IT systems. The ship was initially sealed to preserve evidence and avoid any risk to the safety of people and port operations. Investigators from the Dgsi seized numerous data carriers and devices, which will be analysed in detail to establish the nature of the malware identified and the actual level of compromise. After the completion of the first technical assessments, the seals were removed on 14 December and the ferry was able to resume service following decisions by the competent administrative maritime authorities.
The inquiry has a significant international dimension. Searches were carried out in Latvia with the support of Eurojust, the European Union agency for criminal judicial cooperation, which facilitated information exchange between the authorities involved. Cross-border judicial cooperation is one of the central elements of the case, given the nationality of those under investigation, the origin of the initial alerts and the international operating context of maritime transport.
From a technical perspective, the malware identified would fall into the category of Remote Access Trojans, tools known for their ability to provide full remote access to infected systems. In the maritime sector, the presence of this type of software raises questions about the protection of onboard networks and the separation between a ship’s operational systems and external communication networks. Some maritime cybersecurity experts have nevertheless pointed out that critical ship control systems are not normally permanently connected to the internet, making the hypothesis of direct remote control of navigation extremely complex. The actual operational risk therefore remains subject to technical assessment within the framework of the investigation.
On the political and institutional front, French interior minister Laurent Nuñez publicly confirmed the seriousness of the case, referring to an attempted intrusion into a ship’s data processing system and explicitly evoking the track of foreign interference. Without directly naming any country, his statements fit into a European context marked by growing attention to cyber-espionage and interference operations attributed to foreign powers, particularly in the field of critical infrastructure and transport.
The J3 section of the Paris prosecutor’s office, which specialises in cybercrime, is now one of the main points of reference in France for this type of proceeding, handling hundreds of cases every year. The direct involvement of the Dgsi reflects the sensitive nature of the investigation and its potential relevance for national security. It is not the first incident involving Grandi Navi Veloci: in 2019 the company had already reported being the victim of a cyberattack that led to the compromise of some passengers’ personal data.
The Fantastic case fits into a broader context of growing attention to cybersecurity in the maritime and logistics sector. The progressive digitalisation of ships, ports and transport chains increases operational efficiency but also exposes the sector to new risks. The International Maritime Organization’s guidelines on cyber risk management and initiatives adopted by several European port authorities testify to a growing awareness, which the Sète investigation further reinforces.
Pietro Rossoni
