Iran's maritime satellite communications compromised by breach
Iran’s maritime satellite communications were disrupted in March and again in August 2025 through a supply‑chain breach at Iranian telecoms provider Fanava, according to researchers and media reports. Those reports say the disruptions affected fleets of the National Iranian Tanker Company and IRISL, severing links on up to 116 vessels in the first wave and about 64 in the second. Analysts said the attackers, identifying as Lab‑Dookhtegan, achieved root access to Linux systems running the iDirect Falcon software that manages VSAT links. That access enabled shutdowns of communications, AIS visibility, and ship‑to‑shore coordination, with evidence of destructive actions such as wiping storage partitions and disabling processes on onboard terminals. Cydome’s “Second Wave Findings”, published in late August, concluded the campaign was a provider‑level compromise of Fanava’s core infrastructure, turning the satellite service network into a single point of failure for Iranian maritime logistics and forcing hardware replacements on affected vessels. The August operation coincided with Iranian naval maneuvers in the Gulf of Oman and followed a larger March disruption that reportedly aligned with U.S. operations against Iran‑backed Houthis, underscoring broader regional security risks and highlighting vulnerabilities in the maritime communications supply chains critical to energy transport. Authorities and experts warned the incident reveals persistent access and strategic surveillance over Iranian shipping operations, elevating the need for enhanced maritime cyber defenses.
