Draft only: separate verified bridge-collapse records, vessel-safety findings, and cyberattack rumors before publication.
6 min read969 wordsUpdated 27 Apr 2026
4 supporting6 debunking12 sources
Key Bridge Cyberattack Claims
Introduction
On March 26, 2024, at 1:27 a.m. Eastern Time, the container ship MV Dali struck the Francis Scott Key Bridge in Baltimore, Maryland, causing the bridge to collapse within seconds. Six construction workers — members of a crew filling potholes on the bridge deck — were killed. The port of Baltimore, one of the busiest on the East Coast, was closed for weeks while salvage operations cleared the shipping channel.
Within hours of the collapse, claims began circulating online that the incident was not an accident but a deliberate cyberattack, with fingers pointed at Iran, China, Russia, or unspecified "globalist" actors. This article examines what the official investigation found, what evidence exists for and against the cyberattack hypothesis, and why the claim, while understandable as a reflexive response to a shocking and unexpected disaster, lacks documentary or forensic basis.
Draft only: separate verified bridge-collapse records, vessel-safety findings, and cyberattack rumors before publication.
Analysis
Claim Map
Core claim
Claims that the Francis Scott Key Bridge collapse was caused by a cyberattack or coordinated sabotage rather than the documented ship strike investigation.
Documented fact
Social media claims attributed the collapse to Iran, China, and Russia without forensic evidence
Unsupported inference
MV Dali had two documented power blackouts before departure on the night of the collapse
Evidence that would change this
A verdict change would require primary records, court findings, official investigative reports, authenticated technical evidence, or reproducible research that directly contradicts the current working finding.
Current verdict
unsubstantiated, 55% confidence
Evidence Strength Matrix
A compact map of what is documented, where the claim leaps, and what evidence affects the verdict.
Adjacent documented fact
Documented: Social media claims attributed the collapse to Iran, China, and Russia without forensic evidence
Unsupported: The adjacent fact does not by itself prove coordination, motive, scale, or concealment.
Counter-evidence: MV Dali had two documented power blackouts before departure on the night of the collapse
Verdict impact: Sets the baseline for what is real before broader claims are tested.
Claim mechanism
Documented: Any proposed mechanism must be tied to records, physical evidence, technical limits, or named procedures.
Unsupported: A mechanism remains weak when it depends on inference from coincidence, visual artifacts, or anonymous claims.
Counter-evidence: NTSB investigation identified systemic electrical management issues as the probable cause
Verdict impact: Determines whether the claim is testable or mainly narrative pattern-matching.
Verdict movement
Documented: A verdict change would require primary records, court findings, official investigative reports, authenticated technical evidence, or reproducible research that directly contradicts the current working finding.
Unsupported: A claim does not move the verdict by repeating suspicion without new primary evidence.
Counter-evidence: Draft only: separate verified bridge-collapse records, vessel-safety findings, and cyberattack rumors before publication.
Verdict impact: unsubstantiated, 55% confidence
Claim Element
Documented Fact
Unsupported Leap
Counter-Evidence
Source Quality
Verdict Impact
Adjacent documented fact
Social media claims attributed the collapse to Iran, China, and Russia without forensic evidence
The adjacent fact does not by itself prove coordination, motive, scale, or concealment.
MV Dali had two documented power blackouts before departure on the night of the collapse
11 high, 0 medium, 1 low
Sets the baseline for what is real before broader claims are tested.
Claim mechanism
Any proposed mechanism must be tied to records, physical evidence, technical limits, or named procedures.
A mechanism remains weak when it depends on inference from coincidence, visual artifacts, or anonymous claims.
NTSB investigation identified systemic electrical management issues as the probable cause
Latest source year 2024
Determines whether the claim is testable or mainly narrative pattern-matching.
Verdict movement
A verdict change would require primary records, court findings, official investigative reports, authenticated technical evidence, or reproducible research that directly contradicts the current working finding.
A claim does not move the verdict by repeating suspicion without new primary evidence.
Draft only: separate verified bridge-collapse records, vessel-safety findings, and cyberattack rumors before publication.
This page is below one or more content-quality gates: body depth (969/1200 words), supporting evidence balance (4/6), further reading (0/4). Editors are expanding the narrative, source base, and related reading before marking the page complete.
What would change our verdict
A verdict change would require primary records, court findings, official investigative reports, authenticated technical evidence, or reproducible research that directly contradicts the current working finding.
4 min readDifficulty: 5/5First emerged: 2024Fact-checked: May 2026
Body 969/1200 wordsSources 12/12Freshness May 2026, review Jul 2026Evidence 4 supporting / 6 counter
What Happened: The Official Account
The MV Dali, a 300-meter container ship operated by Grace Ocean Private Ltd. and managed by Synergy Marine Group, was departing Baltimore bound for Sri Lanka when it experienced a loss of propulsion and steering approximately two minutes before striking the bridge. The ship's pilot issued a mayday call that allowed Maryland Transportation Authority police to stop traffic on the bridge, preventing far greater loss of life.
The National Transportation Safety Board (NTSB) opened an investigation immediately. Its Marine Investigation Report (released in stages beginning in 2024) identified the causal chain as mechanical and electrical in nature: the Dali had experienced two separate power blackouts before departure on March 26 and had a documented history of electrical issues. On the night of the collapse, the ship lost power twice — the second time with insufficient sea room to regain propulsion before striking the bridge.
The FBI and the Department of Homeland Security (DHS) both confirmed they opened assessments of the incident. Both agencies subsequently confirmed they found no evidence of a cyberattack. The FBI's statement was consistent with standard practice following any major infrastructure incident: opening a preliminary assessment does not imply evidence of criminal activity.
The Cyberattack Hypothesis
Versions of the cyberattack claim took several forms:
Iranian cyberattack as retaliation: Claimed in several Telegram channels and alternative media, alleging the attack was revenge for U.S. support of Israel following October 7, 2023.
Chinese attack on U.S. infrastructure: Some versions invoked the documented prior compromise of U.S. critical infrastructure by Chinese state actors (notably the Volt Typhoon group), but no evidence linked Volt Typhoon to the Dali.
General "false flag" framing: The least specific version claimed the collapse was orchestrated to justify new infrastructure spending, implement a "globalist" agenda, or distract from other news events.
None of these versions was accompanied by forensic evidence: no shipping network logs, no penetration reports, no malware analysis, no evidence of unauthorized remote access to the Dali's navigation or propulsion systems.
What the Engineering Evidence Shows
Modern container ships, including the Dali, use integrated bridge systems (IBS) that connect navigation, propulsion control, and communications. These systems are generally not connected to the public internet; communication with shore occurs through satellite data links used for administrative purposes (email, crew communication, AIS position broadcasting) rather than direct propulsion control. Remote exploitation of propulsion systems requires either a pre-installed backdoor or physical access to the vessel's internal network — neither of which was documented in the Dali case.
The Dali's specific electrical problems were consistent with a pattern documented in its inspection and maintenance records. The vessel had a prior power-loss incident in the port of Antwerp in 2016, attributed at the time to technical malfunction. The 2024 NTSB investigation identified systemic electrical management issues as the probable cause of the Baltimore power loss — a finding consistent with the ship's maintenance history and inconsistent with targeted external interference.
NTSB Findings and FBI/DHS Assessments
The NTSB's preliminary and interim reports documented:
Two power blackouts on March 26, 2024 before departure, including one that caused an emergency generator start
Loss of main propulsion and steering approximately 90 seconds before impact
The pilot's emergency communication to bridge authorities allowed partial traffic stoppage that saved lives
No evidence of external interference with ship systems in the NTSB investigative record
The FBI confirmed in statements to journalists at Reuters and AP that its preliminary assessment found no evidence of a cyberattack. DHS's Cybersecurity and Infrastructure Security Agency (CISA) issued no advisory indicating that maritime vessels or port infrastructure had been exploited in connection with the incident.
Survivorship Bias and Pattern Framing
The cyberattack narrative benefits from a specific framing: any major disaster involving critical infrastructure becomes potentially suspicious. Infrastructure failures are, however, common. The American Society of Civil Engineers grades U.S. infrastructure at a C+ overall; aging electrical systems on commercial vessels cause failures regularly. The Key Bridge collapse was catastrophic in its consequences but consistent in its mechanical cause with documented maritime accident patterns.
The lack of cyberattack evidence does not mean cyberattacks on maritime infrastructure are impossible. Documented cases — including the 2017 NotPetya attack that disrupted Maersk's operations globally — establish that maritime logistics systems are cyber-vulnerable. The claim that because maritime cyberattacks are possible therefore the Dali was cyberattacked is not logically valid.
Verdict
The Key Bridge collapse was caused by mechanical and electrical failure aboard the MV Dali — a finding consistent with the ship's documented technical history and corroborated by the NTSB investigation, FBI preliminary assessment, and DHS/CISA review. No forensic evidence, no penetration data, no malware analysis, and no credible source has documented external interference with the Dali's systems. The cyberattack claim is unsubstantiated. It is plausible to argue that maritime cybersecurity deserves investment; it is not supported by evidence to claim this particular disaster was a deliberate attack.
The Strongest Case For This Theory
Social media claims attributed the collapse to Iran, China, and Russia without forensic evidence
SupportingWeak
Within hours of the collapse, Telegram channels and alternative media sites attributed the incident to Iranian, Chinese, or Russian cyberattack. None of these attributions was accompanied by network logs, malware analysis, penetration reports, or other forensic documentation.
Rebuttal
The speed of attribution — within hours of the event — is inconsistent with the timeline of forensic cyber investigation, which typically requires weeks or months. Early attribution claims without forensic backing do not constitute evidence.
Maritime cyberattacks are a documented real-world concern
SupportingWeak
The 2017 NotPetya attack disrupted Maersk's global maritime operations significantly. IMO cybersecurity guidance (MSC-FAL.1/Circ.3) documents that maritime vessels face genuine cyber risks. The plausibility of maritime cyberattack in general does not constitute evidence that the Dali was attacked.
Rebuttal
The existence of maritime cyber risk does not establish that any specific incident was a cyberattack. Plausibility without evidence is insufficient to overcome documented mechanical causation.
Volt Typhoon's documented U.S. infrastructure targeting was cited without demonstrated link to the Dali
SupportingWeak
Some versions of the cyberattack claim invoked the documented Chinese state-actor group Volt Typhoon, which CISA confirmed in 2024 had targeted U.S. critical infrastructure. No evidence linked Volt Typhoon to the Dali or to maritime vessel propulsion systems.
Rebuttal
Citing a real threat actor does not establish attribution for a specific incident. Volt Typhoon's documented activities involved telecommunications and energy infrastructure — not maritime vessel control.
The geopolitical timing (post-October 7) made cyberattack attribution feel plausible to many
SupportingWeak
The collapse occurred six months after October 7, 2023, during a period of heightened tensions. Proponents argued the timing supported Iran- or Hezbollah-linked attribution. Geopolitical context does not substitute for forensic evidence.
Rebuttal
Temporal proximity to geopolitical events does not establish causation. Major infrastructure incidents regularly occur during periods of elevated tension; assigning them to adversarial actors requires evidence beyond timing.
How That Case Fares Against the Evidence
MV Dali had two documented power blackouts before departure on the night of the collapse
DebunkingStrong
NTSB investigation records show the Dali experienced two separate electrical failures — including one requiring emergency generator activation — before clearing the port. This pre-existing electrical instability is consistent with mechanical causation and inconsistent with a targeted external attack timed to cause maximum damage.
NTSB investigation identified systemic electrical management issues as the probable cause
DebunkingStrong
The National Transportation Safety Board's investigation documented the causal chain as mechanical and electrical, consistent with the vessel's maintenance history including a 2016 Antwerp power-loss incident. No NTSB finding referenced external interference.
FBI preliminary assessment found no evidence of cyberattack
DebunkingStrong
The FBI confirmed to reporters at Reuters and AP that its preliminary assessment of the Key Bridge collapse found no evidence of a cyberattack. Standard FBI practice is to open a preliminary assessment after any major infrastructure incident; the opening of such an assessment does not imply evidence of criminal activity.
CISA issued no maritime cyberattack advisory related to the Dali incident
DebunkingStrong
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, which issues advisories when credible cyber threats to critical infrastructure are identified, issued no advisory relating to the MV Dali or the Key Bridge collapse.
Container ship propulsion systems are not directly accessible via public internet
DebunkingStrong
Integrated bridge systems on modern container ships communicate with shore via satellite administrative links — not direct propulsion control. Remote exploitation of propulsion systems requires either a pre-installed backdoor or physical internal network access, neither of which was documented in the Dali case.
The ship's pilot issued a mayday call enabling partial traffic stoppage and saving lives
Debunking
The pilot of the MV Dali recognized the emergency and issued a mayday call approximately two minutes before impact, allowing Maryland Transportation Authority police to stop bridge traffic. This rapid emergency response is inconsistent with a maximally destructive attack scenario.
Evidence Filters10
MV Dali had two documented power blackouts before departure on the night of the collapse
DebunkingStrong
NTSB investigation records show the Dali experienced two separate electrical failures — including one requiring emergency generator activation — before clearing the port. This pre-existing electrical instability is consistent with mechanical causation and inconsistent with a targeted external attack timed to cause maximum damage.
NTSB investigation identified systemic electrical management issues as the probable cause
DebunkingStrong
The National Transportation Safety Board's investigation documented the causal chain as mechanical and electrical, consistent with the vessel's maintenance history including a 2016 Antwerp power-loss incident. No NTSB finding referenced external interference.
FBI preliminary assessment found no evidence of cyberattack
DebunkingStrong
The FBI confirmed to reporters at Reuters and AP that its preliminary assessment of the Key Bridge collapse found no evidence of a cyberattack. Standard FBI practice is to open a preliminary assessment after any major infrastructure incident; the opening of such an assessment does not imply evidence of criminal activity.
CISA issued no maritime cyberattack advisory related to the Dali incident
DebunkingStrong
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, which issues advisories when credible cyber threats to critical infrastructure are identified, issued no advisory relating to the MV Dali or the Key Bridge collapse.
Container ship propulsion systems are not directly accessible via public internet
DebunkingStrong
Integrated bridge systems on modern container ships communicate with shore via satellite administrative links — not direct propulsion control. Remote exploitation of propulsion systems requires either a pre-installed backdoor or physical internal network access, neither of which was documented in the Dali case.
The ship's pilot issued a mayday call enabling partial traffic stoppage and saving lives
Debunking
The pilot of the MV Dali recognized the emergency and issued a mayday call approximately two minutes before impact, allowing Maryland Transportation Authority police to stop bridge traffic. This rapid emergency response is inconsistent with a maximally destructive attack scenario.
Social media claims attributed the collapse to Iran, China, and Russia without forensic evidence
SupportingWeak
Within hours of the collapse, Telegram channels and alternative media sites attributed the incident to Iranian, Chinese, or Russian cyberattack. None of these attributions was accompanied by network logs, malware analysis, penetration reports, or other forensic documentation.
Rebuttal
The speed of attribution — within hours of the event — is inconsistent with the timeline of forensic cyber investigation, which typically requires weeks or months. Early attribution claims without forensic backing do not constitute evidence.
Maritime cyberattacks are a documented real-world concern
SupportingWeak
The 2017 NotPetya attack disrupted Maersk's global maritime operations significantly. IMO cybersecurity guidance (MSC-FAL.1/Circ.3) documents that maritime vessels face genuine cyber risks. The plausibility of maritime cyberattack in general does not constitute evidence that the Dali was attacked.
Rebuttal
The existence of maritime cyber risk does not establish that any specific incident was a cyberattack. Plausibility without evidence is insufficient to overcome documented mechanical causation.
Volt Typhoon's documented U.S. infrastructure targeting was cited without demonstrated link to the Dali
SupportingWeak
Some versions of the cyberattack claim invoked the documented Chinese state-actor group Volt Typhoon, which CISA confirmed in 2024 had targeted U.S. critical infrastructure. No evidence linked Volt Typhoon to the Dali or to maritime vessel propulsion systems.
Rebuttal
Citing a real threat actor does not establish attribution for a specific incident. Volt Typhoon's documented activities involved telecommunications and energy infrastructure — not maritime vessel control.
The geopolitical timing (post-October 7) made cyberattack attribution feel plausible to many
SupportingWeak
The collapse occurred six months after October 7, 2023, during a period of heightened tensions. Proponents argued the timing supported Iran- or Hezbollah-linked attribution. Geopolitical context does not substitute for forensic evidence.
Rebuttal
Temporal proximity to geopolitical events does not establish causation. Major infrastructure incidents regularly occur during periods of elevated tension; assigning them to adversarial actors requires evidence beyond timing.
Evidence Cited by Believers4
Social media claims attributed the collapse to Iran, China, and Russia without forensic evidence
SupportingWeak
Within hours of the collapse, Telegram channels and alternative media sites attributed the incident to Iranian, Chinese, or Russian cyberattack. None of these attributions was accompanied by network logs, malware analysis, penetration reports, or other forensic documentation.
Rebuttal
The speed of attribution — within hours of the event — is inconsistent with the timeline of forensic cyber investigation, which typically requires weeks or months. Early attribution claims without forensic backing do not constitute evidence.
Maritime cyberattacks are a documented real-world concern
SupportingWeak
The 2017 NotPetya attack disrupted Maersk's global maritime operations significantly. IMO cybersecurity guidance (MSC-FAL.1/Circ.3) documents that maritime vessels face genuine cyber risks. The plausibility of maritime cyberattack in general does not constitute evidence that the Dali was attacked.
Rebuttal
The existence of maritime cyber risk does not establish that any specific incident was a cyberattack. Plausibility without evidence is insufficient to overcome documented mechanical causation.
Volt Typhoon's documented U.S. infrastructure targeting was cited without demonstrated link to the Dali
SupportingWeak
Some versions of the cyberattack claim invoked the documented Chinese state-actor group Volt Typhoon, which CISA confirmed in 2024 had targeted U.S. critical infrastructure. No evidence linked Volt Typhoon to the Dali or to maritime vessel propulsion systems.
Rebuttal
Citing a real threat actor does not establish attribution for a specific incident. Volt Typhoon's documented activities involved telecommunications and energy infrastructure — not maritime vessel control.
The geopolitical timing (post-October 7) made cyberattack attribution feel plausible to many
SupportingWeak
The collapse occurred six months after October 7, 2023, during a period of heightened tensions. Proponents argued the timing supported Iran- or Hezbollah-linked attribution. Geopolitical context does not substitute for forensic evidence.
Rebuttal
Temporal proximity to geopolitical events does not establish causation. Major infrastructure incidents regularly occur during periods of elevated tension; assigning them to adversarial actors requires evidence beyond timing.
Top Supporting Evidencetop 3
Social media claims attributed the collapse to Iran, China, and Russia without forensic evidence
SupportingWeak
Within hours of the collapse, Telegram channels and alternative media sites attributed the incident to Iranian, Chinese, or Russian cyberattack. None of these attributions was accompanied by network logs, malware analysis, penetration reports, or other forensic documentation.
Rebuttal
The speed of attribution — within hours of the event — is inconsistent with the timeline of forensic cyber investigation, which typically requires weeks or months. Early attribution claims without forensic backing do not constitute evidence.
Maritime cyberattacks are a documented real-world concern
SupportingWeak
The 2017 NotPetya attack disrupted Maersk's global maritime operations significantly. IMO cybersecurity guidance (MSC-FAL.1/Circ.3) documents that maritime vessels face genuine cyber risks. The plausibility of maritime cyberattack in general does not constitute evidence that the Dali was attacked.
Rebuttal
The existence of maritime cyber risk does not establish that any specific incident was a cyberattack. Plausibility without evidence is insufficient to overcome documented mechanical causation.
Volt Typhoon's documented U.S. infrastructure targeting was cited without demonstrated link to the Dali
SupportingWeak
Some versions of the cyberattack claim invoked the documented Chinese state-actor group Volt Typhoon, which CISA confirmed in 2024 had targeted U.S. critical infrastructure. No evidence linked Volt Typhoon to the Dali or to maritime vessel propulsion systems.
Rebuttal
Citing a real threat actor does not establish attribution for a specific incident. Volt Typhoon's documented activities involved telecommunications and energy infrastructure — not maritime vessel control.
Counter-Evidence6
MV Dali had two documented power blackouts before departure on the night of the collapse
DebunkingStrong
NTSB investigation records show the Dali experienced two separate electrical failures — including one requiring emergency generator activation — before clearing the port. This pre-existing electrical instability is consistent with mechanical causation and inconsistent with a targeted external attack timed to cause maximum damage.
NTSB investigation identified systemic electrical management issues as the probable cause
DebunkingStrong
The National Transportation Safety Board's investigation documented the causal chain as mechanical and electrical, consistent with the vessel's maintenance history including a 2016 Antwerp power-loss incident. No NTSB finding referenced external interference.
FBI preliminary assessment found no evidence of cyberattack
DebunkingStrong
The FBI confirmed to reporters at Reuters and AP that its preliminary assessment of the Key Bridge collapse found no evidence of a cyberattack. Standard FBI practice is to open a preliminary assessment after any major infrastructure incident; the opening of such an assessment does not imply evidence of criminal activity.
CISA issued no maritime cyberattack advisory related to the Dali incident
DebunkingStrong
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, which issues advisories when credible cyber threats to critical infrastructure are identified, issued no advisory relating to the MV Dali or the Key Bridge collapse.
Container ship propulsion systems are not directly accessible via public internet
DebunkingStrong
Integrated bridge systems on modern container ships communicate with shore via satellite administrative links — not direct propulsion control. Remote exploitation of propulsion systems requires either a pre-installed backdoor or physical internal network access, neither of which was documented in the Dali case.
The ship's pilot issued a mayday call enabling partial traffic stoppage and saving lives
Debunking
The pilot of the MV Dali recognized the emergency and issued a mayday call approximately two minutes before impact, allowing Maryland Transportation Authority police to stop bridge traffic. This rapid emergency response is inconsistent with a maximally destructive attack scenario.
Top Counter-Evidencetop 3
MV Dali had two documented power blackouts before departure on the night of the collapse
DebunkingStrong
NTSB investigation records show the Dali experienced two separate electrical failures — including one requiring emergency generator activation — before clearing the port. This pre-existing electrical instability is consistent with mechanical causation and inconsistent with a targeted external attack timed to cause maximum damage.
NTSB investigation identified systemic electrical management issues as the probable cause
DebunkingStrong
The National Transportation Safety Board's investigation documented the causal chain as mechanical and electrical, consistent with the vessel's maintenance history including a 2016 Antwerp power-loss incident. No NTSB finding referenced external interference.
FBI preliminary assessment found no evidence of cyberattack
DebunkingStrong
The FBI confirmed to reporters at Reuters and AP that its preliminary assessment of the Key Bridge collapse found no evidence of a cyberattack. Standard FBI practice is to open a preliminary assessment after any major infrastructure incident; the opening of such an assessment does not imply evidence of criminal activity.
Timeline
Cyberattack attribution claims begin circulating on social media within hours
Within hours of the collapse, Telegram channels and alternative media sites attribute the incident to Iranian, Chinese, and Russian cyberattacks. No forensic evidence accompanies any attribution. FBI and DHS confirm they are opening preliminary assessments.
MV Dali strikes Francis Scott Key Bridge after power loss; six workers killed
The container ship MV Dali loses propulsion at approximately 1:25 a.m. and strikes the Key Bridge at 1:29 a.m. after a mayday call allows partial traffic stoppage. Six construction workers on the bridge deck are killed. The port of Baltimore is closed pending salvage.
FBI and DHS confirm no evidence of cyberattack in preliminary assessments
Reuters and AP report that both the FBI and DHS confirmed their preliminary assessments found no evidence of a cyberattack. NTSB opens a formal marine investigation.
NTSB investigation documents prior power blackouts and electrical history of MV Dali
NTSB investigators document that the MV Dali experienced two power blackouts on March 26 before departure, including one requiring emergency generator activation, and that the vessel had a prior power-loss incident in Antwerp in 2016.
NTSB interim report identifies systemic electrical management issues as probable cause
NTSB interim investigation findings point to systemic electrical management problems as the causal chain, consistent with the vessel's documented maintenance history. No finding references external interference.
A verdict change would require primary records, court findings, official investigative reports, authenticated technical evidence, or reproducible research that directly contradicts the current working finding.
Sources
National Transportation Safety Board·May 2024·NTSB Marine Division
High Credibility
Reuters·Mar 2024·Reuters News Staff
High Credibility
Associated Press·Mar 2024·AP News Staff
High Credibility
Cybersecurity and Infrastructure Security Agency·Apr 2024·CISA Press Office
High Credibility
IEEE Spectrum·Aug 2023·IEEE Editorial Staff
High Credibility
Show 7 more sources
Wired·Apr 2024·Wired Security Desk
High Credibility
New York Times·Apr 2024·NYT Metro and Infrastructure Desk
High Credibility
Washington Post·Mar 2024·WaPo National Security Desk
High Credibility
International Maritime Organization·Jul 2017·IMO Secretariat
High Credibility
CISA / NSA / FBI·Feb 2024·CISA Joint Advisory Team
High Credibility
ProPublica·Jun 2024·ProPublica Investigative Team
High Credibility
Telegram — unverified channel·Mar 2024·Anonymous
Low Credibility
Sourcestop 3
Sources
National Transportation Safety Board·May 2024·NTSB Marine Division