Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks
An attack by the Anubis ransomware group on a port authority on the Adriatic has raised alarms about maritime infrastructure security. 🚨 New analysis published on June 11 by threat intelligence firm Resecurity examined a cyber-attack that saw Anubis list the Adriatic Port Authority on its data leak site.
The Adriatic Port Authority (Autorità di Sistema Portuale del Mare Adriatico Centrale), which manages the Italian port of Ancona, reported that the breach dated back to December 11, 2025, and was attributed to Anubis in January 2026, when the group claimed responsibility and leaked the data. While the authority estimated the data loss at about 2%, Resecurity’s report indicated more severe consequences, including crippled operations, rerouted vessels, and a staggering $10 million Bitcoin ransom demand. 💰
The stolen data reportedly included contracts, employee records, and sensitive port safety plans, which are highly sought after by groups involved in smuggling or insider recruitment.
Resecurity believes the attackers gained access through a spear-phishing email targeting staff at the company managing the port, subsequently moving laterally to core systems. The attack exploited IT weaknesses, such as insecure cloud accounts managing Office 365 and Azure, rather than targeting operational technology directly.
Anubis emerged in December 2024 and launched an affiliate program in February 2025, offering a ransomware-as-a-service (RaaS) model built around double extortion. The group boasts that its model has generated over $20 million, with victims spanning healthcare, construction, and engineering sectors.
Resecurity linked the group to the mass exploitation of internet-facing systems, often through known but unpatched vulnerabilities, including SonicWall VPNs lacking multi-factor authentication, SolarWinds Web Help Desk, and Cisco SSL VPNs. Beyond the port itself, Resecurity highlighted this attack as part of a troubling trend of ransomware incidents targeting ports, from Maersk to Japan’s Nagoya. They warned that outdated port IT and low cyber maturity leave the sector vulnerable as digitization expands the attack surface, a growing maritime security concern expected to intensify through 2030. 🌊