Sunday, March 29, 2026

Cyberattack Hits Major Spanish Fishing Port

A ransomware attack recently disrupted operations at the Port of Vigo in Spain, forcing authorities to shut down affected IT systems and switch to manual processes. Critical platforms used for managing cargo and logistics were taken offline, creating delays and operational inefficiencies. Although ships continued to move and port activity did not fully stop, the reliance on paper-based workflows slowed coordination and highlighted how dependent modern ports are on digital infrastructure.

This incident reinforces the growing cybersecurity risks facing critical infrastructure. Ports, like many logistics hubs, rely heavily on interconnected systems to manage supply chains, making them attractive targets for cybercriminals. Even when physical operations remain functional, the disruption of digital systems can spread across industries, affecting trade flows, scheduling, and economic stability. Ongoing investigations aim to determine how the attackers gained access and whether sensitive data was compromised.

The importance of strong cybersecurity becomes even clearer when viewed alongside past disruptions such as the Suez Canal blockage, where a single incident caused massive delays and cost the global economy billions, including significant impacts on Europe. While that event was not cyber-related, it demonstrated how fragile and interconnected global trade systems are. A similar level of disruption caused by cyberattacks could have equally severe—or even more widespread—economic consequences, underscoring the urgent need for robust cyber resilience in critical infrastructure.


https://bit.ly/4mhw1CF


Keynotes:

"A ransomware attack has disrupted digital systems at Spain’s Port of Vigo, forcing authorities to disconnect parts of its network and temporarily manage cargo operations manually..."

"...Officials told local media the incident locked some equipment and involved a ransom demand."

"...Some operators have been instructed to rely on manual procedures and paper documentation to continue working."

"Ports and maritime organizations have increasingly become targets for ransomware gangs in recent years because of their critical role in global trade."

"In 2023, Japan’s Port of Nagoya temporarily suspended operations following a ransomware attack attributed to the LockBit cybercrime group. Ports across Belgium, the Netherlands, Germany, Portugal, Japan, Australia and in U.S. cities like Houston have all faced attack."


Saturday, February 7, 2026

The Shadow Campaigns Carrying Out Global Espionage


Palo Alto Networks Unit 42 has published a new report about large-scale cyber espionage activities, called the Shadow Campaigns.

The research shows that a state-linked threat group has been active for more than a year and has targeted government and critical infrastructure organizations in many countries around the world.

Key points from the report:

- Organizations in dozens of countries were affected.

- Targets included government agencies, border control, law enforcement, and finance departments.

- Attackers often used phishing emails and known system weaknesses to get access.

- The activity shows long-term spying, not quick attacks.


This report is a strong reminder that cyber espionage is real and ongoing. Even well-protected organizations can be targets, which makes awareness and good security practices more important than ever.


https://bit.ly/3ZHAO5T


Keynotes:

"This investigation unveils a new cyberespionage group that Unit 42 tracks as TGR-STA-1030. We refer to the group’s activity as the Shadow Campaigns. We assess with high confidence that TGR-STA-1030 is a state-aligned group that operates out of Asia. Over the past year, this group has compromised government and critical infrastructure organizations across 37 countries. This means that approximately one out of every five countries has experienced a critical breach from this group in the past year. Further, between November and December 2025, we observed the group conducting active reconnaissance against government infrastructure associated with 155 countries."


"In addition to phishing campaigns, the group often couples exploitation attempts with their reconnaissance activities to gain initial access to target networks. To date, we have not observed the group developing, testing or deploying any zero-day exploits. However, we assess that the group is comfortable testing and deploying a wide range of common tools, exploitation kits and proof-of-concept code for N-day exploits."


"We assess that the group relies heavily on a mix of command-and-control (C2) frameworks and tools common to the actors’ region to move laterally and maintain persistent access within compromised environments."


"The group’s reconnaissance efforts shed light on its global interests. We have also observed the group's success at compromising several government and critical infrastructure organizations globally. We assess that over the past year, the group compromised at least 70 organizations across 37 countries,..."