French authorities arrest man for installing malware on a passenger ferry on behalf of 'a foreign power' — could have enabled external control of systems, including navigation

French authorities have arrested a Latvian national suspected of installing malware aboard an Italian passenger ferry while it was docked in southern France, after investigators determined that infected onboard systems could potentially have been accessed remotely. The case, reported by Le Monde, is now being handled by an investigating judge in Paris and has drawn attention to how closely modern ship navigation might sit alongside conventional IT systems.

The vessel involved, the Fantastic, is operated by Italian shipping company Grandi Navi Veloci and was docked in the Mediterranean port of Sète when the malware was discovered. Italian authorities had warned France that the vessel’s operating system could have been infected by a Remote Access Trojan (RAT), which enables hackers to gain remote control of a system.

According to the Paris prosecutor’s office, two crew members were initially detained. A Bulgarian national was released without charge, while a Latvian crew member who had recently joined the ship remains in custody. Prosecutors say that an investigation has been opened into a suspected attempt "by an organized group to attack an automated data-processing system, with the aim of serving the interests of a foreign power."

While GNV has not disclosed which onboard systems were affected, French and Italian media reports indicate that investigators believe the malware could have provided access to operating systems linked to ship functions, potentially including navigation-related components.

French Interior Minister Laurent Nuñez has publicly described the incident as a case of suspected foreign interference, stating that investigators are examining whether a state actor was involved. He stopped short of naming a country but noted that such interference has become a recurring feature of recent investigations across Europe.

Ferries rely on a mix of standard PCs, industrial controllers, and embedded systems to handle everything from route planning and engine monitoring to cargo management and crew administration. While safety-critical systems are typically designed to be segmented from general-purpose networks, real-world implementations often rely on shared infrastructure, which can blur those boundaries.

The Latvian crew member could face charges including possession of equipment capable of interfering with navigation systems, suggesting investigators believe the malware was more than a generic data theft tool. Remote access software, if installed on a poorly isolated system, can serve as a foothold for lateral movement into more sensitive networks.

The ferry investigation is unfolding alongside a separate French probe into a cyberattack on the Interior Ministry’s email servers, for which a 22-year-old suspect was arrested earlier this week.

Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.