The Latest Underwater Cable-Cutting Incident Involves Identity Tampering 


What’s inside?

    Taiwanese authorities have accused a Chinese freighter of cutting a subsea communications cable just off the coast of Keelung on January 3, 2025. 

    This latest critical underwater infrastructure incident, following three relatively recent underwater infrastructure disruptions in the Baltic Sea, is murky and involves identity tampering. Four seemingly different vessels, with different names, IMOs, MMSIs, and flags, show suspiciously similar behavioral patterns… 

    This blog post has all the information you need!  

    Initial Confusion

    Early reports about this incident raised questions. 

    Two vessels were singled out as potential culprits in the immediate aftermath: 

    • A cargo vessel named Xing Shun 39 (IMO 8358427), flying under the Tanzanian flag
    • A Cameroonian-registered cargo ship known as Shunxin-39, whose IMO number was different from the registered IMO

    Most media outlets later concluded that the incident in question featured a single vessel that changed its name back and forth. 

    Windward’s AI-generated insights identified three false transmitted identities that complement each other’s voyages and operational timelines – a movement pattern that definitely raises additional questions about the true identity of the culprit.

    A side-by-side comparison of the four ships, plus their routes.  

    Who’s the Real Culprit?

    We know that a cable was cut and a single vessel is suspected of sabotage. But four seemingly different vessels exhibit similar behavioral paths in a way that raises eyebrows. What’s the real story?

    Windward looked at AIS transmissions based on all vessels’ MMSIs, the primary key to transmission, as the lead indicator. After investigating the main Tanzania-flagged vessel and what we believe are its additional three false identities, we found the following.

    A property investigation (blips transmitting the vessel’s name, IMO, call sign, and size) shows that all four MMSIs have some common and differing traits:

    • Three out of the four MMSIs transmit different variations of the same name (Shunxing39, Xingshun39, and Xing Shun 39).
    • The fourth vessel (Baolong36) seems unrelated until we take a deeper look with the help of the Windward Maritime AI™ platform. It seems that the Baolong36 stopped transmitting in July 2023, the same date that the Xing Shun 39 changed its call sign. Eight months later, the Xing Shun 39 changed to its current name from the Baolong36 – which has not been operational since July 2023.
    • While all four identities transmit various sizes throughout their operational lives, two vessels are the same size (101m), while the other two are a different size (59m).
    • Two of the four vessels share the same commercial manager, a Vietnam-based company with just one vessel in its fleet.
    • Only two vessels share an IMO, but all four call signs are different.
    Activity card showing the name change from Baolong36 to the current Xing Shun 39

    A movement investigation (blips transmitting the vessel’s location and speed) shows that:

    • All four MMSIs lost transmissions at different times, but they displayed the same movement pattern in the same area. Interestingly, when one transmits, the other does not. We see this alignment clearly in the example below, showing two identities completing each other’s voyages.
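
    The pattern described above (identities that never transmit at the same time, with one resuming where another went silent) can be screened for in raw AIS position reports. The following is an added example, not Windward's code or method; the MMSIs, report tuples and thresholds are constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations
from math import asin, cos, radians, sin, sqrt

# Constructed AIS position reports: (mmsi, hours since start, lat, lon).
# MMSIs are placeholders, not the identities discussed in the post.
REPORTS = [
    ("MMSI-A", 0, 25.00, 121.00), ("MMSI-A", 2, 25.10, 121.20),
    ("MMSI-A", 4, 25.20, 121.40), ("MMSI-B", 7, 25.30, 121.60),
    ("MMSI-B", 9, 25.40, 121.80), ("MMSI-A", 12, 25.50, 122.00),
    ("MMSI-A", 14, 25.60, 122.20), ("MMSI-C", 3, 24.00, 119.00),
    ("MMSI-C", 8, 24.10, 119.20), ("MMSI-C", 13, 24.20, 119.40),
]

def distance_nm(p, q):
    """Great-circle (haversine) distance in nautical miles."""
    la1, lo1, la2, lo2 = map(radians, (*p, *q))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 3440.065 * asin(sqrt(h))

def segments(reports, max_gap_h=4):
    """Per MMSI, split reports into segments; silence > max_gap_h starts a new one."""
    tracks = defaultdict(list)
    for mmsi, t, lat, lon in sorted(reports, key=lambda r: (r[0], r[1])):
        segs = tracks[mmsi]
        if segs and t - segs[-1][-1][0] <= max_gap_h:
            segs[-1].append((t, lat, lon))
        else:
            segs.append([(t, lat, lon)])
    return tracks

def is_handoff(last, first, max_wait_h, max_speed_kn):
    """True if `first` follows `last` soon enough and is reachable at a plausible speed."""
    dt = first[0] - last[0]
    return 0 < dt <= max_wait_h and distance_nm(last[1:], first[1:]) <= max_speed_kn * dt

def complementary_pairs(reports, max_gap_h=4, max_wait_h=8, max_speed_kn=15):
    """MMSI pairs that never transmit together yet hand tracks off to each other."""
    tracks, found = segments(reports, max_gap_h), {}
    for a, b in combinations(sorted(tracks), 2):
        if any(sa[0][0] <= sb[-1][0] and sb[0][0] <= sa[-1][0]
               for sa in tracks[a] for sb in tracks[b]):
            continue  # both were transmitting in the same window
        n = sum(is_handoff(sx[-1], sy[0], max_wait_h, max_speed_kn)
                for x, y in ((a, b), (b, a))
                for sx in tracks[x] for sy in tracks[y])
        if n:
            found[(a, b)] = n
    return found
```

    On the constructed sample, only the MMSI-A/MMSI-B pair is flagged (two handoffs); MMSI-C is excluded because it transmits while the others do. A flagged pair is a lead for the property checks (name, IMO, call sign, size), not proof of a single hull.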

    Making Sense of it All

    Here are the possible scenarios:

    • Two vessels: the far-fetched possibility is that we are indeed looking at two different vessels. The shared parameters and corresponding movement patterns indicate collaboration, or one vessel using another vessel as a decoy.
    • One vessel: the likely scenario is one vessel that has been engaging in extensive and complex identity tampering. It is possible that the vessel had two or more transmitters with different MMSIs and alternated between them.

    Based on our patented fusion model, similar movement patterns exhibited in the same areas, and the findings outlined above, we believe there is a strong basis to assume a single vessel may be tampering with its identity. 

    The Tanzania-flagged vessel is the likely culprit. It has been marked as a high-security risk by Windward’s Maritime AI™ platform since April 2024, with a history of IMO spoofing and identity changes. In the past year, it changed its MMSI three times. Most recently, it changed its name back right before leaving port on December 20, 2024.

    The vessel also exhibits irregular behavior, such as dark activities, and a weak ownership structure. Its current beneficial owner is a China-based company that does not own other vessels. While the current commercial manager is unknown, the vessel was previously commercially managed by Weihai Hairun Shipping Co. Ltd, a China-based company that has been on the United Nations Security Council Panel of Experts since 2023.

    Who Should Be Concerned about Critical Underwater Infrastructure?

    One thing is beyond dispute. A cable was intentionally sabotaged.

    The protection of underwater infrastructure remains alarmingly inadequate in many regions, and damage can occur without immediate detection. And the success (from the perspective of the bad actors) of the recent attacks will likely spur copycat attacks.

    Addressing this challenge requires a collaborative effort from governments, security organizations, and industry leaders to strengthen monitoring and response strategies. 

    Until recently the threat to critical underwater infrastructure was perceived as a national security concern. However, the involvement of commercial vessels in such incidents highlights the growing overlap between commercial and paramilitary operations. When a merchant ship damages another nation’s critical infrastructure, is it truly commercial or covertly government-operated?

    And whose responsibility is it to monitor and protect these assets? The companies who own and operate the cables, or the governments patrolling the waters who are tasked with ensuring national security? 

    While governments must bolster independent capabilities to procure and act on maritime intelligence, energy companies can’t rely solely on state measures. The entities laying critical infrastructure – such as undersea cables – must assume accountability for securing their assets against threats. Collaborative approaches involving the public and private sectors are essential to mitigate vulnerabilities.

    In addition to governments, the following types of organizations are following critical underwater infrastructure issues very carefully: 

    • Underwater cable operators
    • Telecom infrastructure companies
    • Tech giants with submarine assets
    • Telecom operators
    • Specialized marine service providers

    All of the above would benefit from AI-powered technology that maps out the underwater cable networks and provides real-time alerts when suspicious vessels approach these sensitive regions. 

    And because 100% protection of such vast networks spanning the globe isn’t possible, organizations require investigative tools after sabotage occurs. Who did what, when, and where?  

    With proactive intelligence solutions, the entire maritime ecosystem can address this ongoing issue by moving from reactive measures to predictive safeguarding – ensuring the resilience of vital underwater infrastructure and the global systems it supports.
