Full Report
In late February 2026, Iran closed the Strait of Hormuz to foreign shipping. What began as a chaotic wartime closure has, in the past few days, hardened into something more consequential: an official sovereign toll regime, codified in Iranian law, and priced in cryptocurrency. On May 18, Iran operationally launched the Persian Gulf Strait Authority, a…
Analysis Summary
# Incident Report: Iranian Sovereign Toll Regime and Maritime Blockade
## Executive Summary
In early 2026, Iran transitioned a chaotic wartime closure of the Strait of Hormuz into a formalized, state-mandated toll regime. The operation involves the mandatory registration of foreign vessels and the extortion of "transit permits" priced in cryptocurrency. This represents a significant shift from traditional kinetic blockade tactics to a structured, bureaucratic extortion model targeting global maritime trade.
## Incident Details
- **Discovery Date:** Late February 2026
- **Incident Date:** Late February 2026 – Ongoing (Operationalized May 18, 2026)
- **Affected Organization:** Global Maritime Shipping Industry
- **Sector:** Transportation / Critical Infrastructure / Supply Chain
- **Geography:** Strait of Hormuz, Persian Gulf
## Timeline of Events
### Initial Access
- **Date/Time:** Late February 2026
- **Vector:** Kinetic blockade and legal codification.
- **Details:** Iran closed the Strait of Hormuz to foreign shipping via military force, subsequently codifying the closure in Iranian law.
### Lateral Movement
- **N/A:** As this is a geopolitical/maritime incident, movement was physical and legal rather than digital. Iran expanded its reach by establishing the Persian Gulf Strait Authority (PGSA) to manage the transit process.
### Data Exfiltration/Impact
- **Operational Impact:** Conversion of an international waterway into a "vetted toll plaza."
- **Data Collection:** Mandatory submission of "Vessel Information Declarations" (VID) containing ownership, insurance, crew, cargo, and routing details.
- **Financial Exfiltration:** Extortion of fees up to $2,000,000 USD per voyage, demanded in cryptocurrency.
### Detection & Response
- **Detection:** Immediate visible impact on global shipping; official launch of pgsa[.]ir and associated social media accounts.
- **Response Actions:** Bilateral negotiations for "safe-passage" deals; ongoing international diplomatic and maritime security assessments.
## Attack Methodology
- **Initial Access:** Physical blockade and assertion of sovereign maritime control.
- **Persistence:** Establishment of a formal state bureaucracy (PGSA) and codified law.
- **Defense Evasion:** Use of cryptocurrency for payments to bypass traditional financial sanctions and tracking.
- **Discovery:** Vessel tracking and mandatory reporting requirements for all seafaring traffic in the "management supervision area."
- **Collection:** Gathering of sensitive commercial and logistics data through mandatory VIDs.
- **Exfiltration:** Transfer of high-value crypto-assets from shipping firms to Iranian state accounts.
- **Impact:** Significant disruption of global supply chains and financial extortion.
## Impact Assessment
- **Financial:** Fees up to $2M per vessel; massive increase in global shipping costs and insurance premiums.
- **Data Breach:** Compromise of proprietary shipping routes, cargo manifests, and crew manifests.
- **Operational:** "Holding queues" created at the throat of the Strait; major delays in world trade.
- **Reputational:** Erosion of the principle of "freedom of navigation" in international waters.
## Indicators of Compromise
- **Network Indicators:**
  - hxxps://pgsa[.]ir
  - hxxps://x[.]com/PGSA_IRAN
- **Behavioral Indicators:**
  - Emergence of a "Vessel Information Declaration" requirement for Strait transit.
  - Demands for large-scale cryptocurrency transfers to secure transit permits.
## Response Actions
- **Containment:** International maritime task forces monitoring the "management supervision area."
- **Eradication:** N/A (Geopolitical resolution required).
- **Recovery:** Some shipping companies attempting bilateral negotiations to secure fee-less passage.
## Lessons Learned
- **Weaponization of Bureaucracy:** Adversaries can use formal "administrative" frameworks to legitimize extortion and blockade activities.
- **Cryptocurrency Utility:** The reliance on crypto for tolls demonstrates how decentralized finance can be leveraged by nation-states to monetize geopolitical choke points.
- **Supply Chain Vulnerability:** Global trade remains highly dependent on a single maritime point of failure.
## Recommendations
- **Diversification:** Explore and secure alternative shipping routes (e.g., Northern Sea Route or land-based rail).
- **Security Protocols:** Implement enhanced privacy for shipping manifests to limit data exposure during "mandatory" declarations.
- **International Policy:** Multi-national coordination to re-establish freedom of navigation through diplomatic or collective security measures.