Important Notice – Critical Security Incident via TeamViewer

Thank you for your continued support.

We would like to inform you of a recent critical security incident involving the use of TeamViewer on board vessels.

TeamViewer is widely used as a convenient tool for remote PC maintenance.

However, in this case, it was improperly used and led to malicious attacks on the vessel’s onboard LAN.

On the affected vessel, TeamViewer had been installed on all business PCs within the LAN, configured for permanent connection mode with a fixed password.

This setup was most likely intended to allow the shore-based IT team to perform routine maintenance.

Unfortunately, the access credentials appear to have been exposed externally, and evidence of unauthorized remote access was detected.

The captain personally witnessed suspicious activity on his PC. After he confirmed with the management company that no internal staff were accessing the system, it was determined that an external party had connected.

The vessel is currently verifying whether any files within the shared folders have been deleted or manipulated.

While TeamViewer can be a highly effective maintenance tool, improper operation poses significant risks. If an ID and password are leaked, anyone in the world can easily gain access, potentially leading to severe security incidents.

We kindly ask all companies to review and adhere to the following measures:

(1) Restrict TeamViewer Sessions
TeamViewer on business LAN PCs should not be set for permanent connection mode.

Crew should launch it only when needed, and close it immediately after remote access is completed.

(2) Isolate Vendor-Access Systems
For PCs used for chart updates or IoT device control where vendors may require permanent access, such systems should be placed in a separate network segment from the business LAN, with access strictly limited to the required scope.

Please note: All business PCs arranged by ORCA are configured in line with measure (1).

However, we have observed that some non-ORCA supplied PCs are sometimes left in a permanent connection mode for convenience.

This is extremely risky and presents a significant vulnerability.

We strongly recommend that all companies take this opportunity to review and improve their practices.

Thank you for your continued trust in ORCA.

Thanks & Best Regards,