Report: U.S. Carried Out Covert Cyberattack on Iranian Spy Ship

Cyber command
U.S. Navy file image

Published Feb 15, 2024 6:53 PM by The Maritime Executive

Three U.S. officials have confirmed an operation to hack the computer systems of an Iranian spy ship, identified as the converted freighter Behshad. The ship is widely suspected of providing targeting information and intelligence to Yemen's Houthi rebels, who have been launching missile and drone attacks on merchant shipping since November. 

Behshad deployed to the Red Sea in 2021, and analysts believe that the ship has served as a staging point and command post for the Islamic Revolutionary Guard Corps' operations in Yemen. Iran is the primary foreign sponsor of the Houthi movement, and it supplies the group with the arms needed for a modern insurgency - not just guns, but ballistic missiles, air defense systems and suicide drones. The U.S. Navy and U.S. Coast Guard have repeatedly intercepted shipments of advanced Iranian armaments bound for Yemen. 

Iran first used another anchored merchant ship, the Saviz, to facilitate this trade. In 2019, Saviz was damaged by an unexplained explosion and had to be replaced, and the Behshad took over. It held a position in the Red Sea until early January, when it relocated to the Gulf of Aden. At about the same time, the focus of Houthi ballistic missile attacks shifted from the Red Sea to the same region. The attacks subsided in early February, about the same time that Behshad decided to put into port in Djibouti. (It is still there, anchored about three nautical miles from the Chinese naval base, east of the main seaport.)

Iran denies that Behshad has any role in covert military operations, and insists that it is present purely for anti-piracy missions. 

This week, three U.S. officials told NBC that American forces recently carried out a cyberattack targeting an Iranian vessel, which one of them identified as Behshad. The event occurred more than a week ago, and has only been disclosed on background. The operation was intended to interfere with Behshad's targeting role in the Houthi attacks. 

The U.S. has likely used cyberwarfare capabilities to target Iran before. The famous Stuxnet worm was perhaps the first major nation-state cyberattack, and it reportedly set back operations in Iran's uranium enrichment program by targeting industrial control systems. The attack has never been officially acknowledged.