Kathimerini reported on March 18 that Greek shipowners and companies in banking, transport, telecommunications, health, and energy began scanning their systems after a high-priority advisory from Greece’s National Cybersecurity Authority tied to cyber risks stemming from the Iran war. The report said Greece had not identified a significant breach so far, although one source said some activity had been tracked.
The advisory followed incidents already linked in public reporting to the conflict, including the March 11 cyberattack on Stryker claimed by the Iran-linked Handala group and a cyberattack on Albania’s parliamentary infrastructure that The Record reported was claimed by the Iran-linked Homeland Justice group. For the broader conflict picture, see our Iranian Revolution 2026 intelligence briefing and our report on the Stryker cyberattack claimed by Handala.
What the warning reportedly included
The Economic Times reported that the advisory urged firms to carry out checks against possible Iran-linked cyber activity and was sent to sectors including shipping, banking, transport, telecommunications, healthcare, and energy. Public reporting also said at least two shipping companies received the warning, but no reviewed source publicly identified specific Greek companies by name.
That report said the alert referenced suspicious IP addresses, tools, and malware including the VShell remote access trojan, and mentioned a confirmed incident affecting a large international organisation abroad without naming it. It also said some of the suspicious activity was linked to Iranian IP addresses and that Greek officials assessed the hostile infrastructure as including at least two layers, suggesting a more deliberate setup than routine background scanning.
The maritime angle is not incidental. The same coverage noted a rise in electronic interference affecting commercial ship navigation systems around the Strait of Hormuz and the wider Gulf since the conflict intensified. That makes the warning relevant well beyond Greek domestic networks, especially for operators exposed to Gulf shipping routes. Related Cyberwarzone coverage includes the foiled cyberattack on Poland’s nuclear research centre and the strike on Iran’s South Pars gas field.
