In September 2020, a sophisticated cyber spoofing attack targeted the Automatic Identification System (AIS) of multiple NATO naval vessels, including the HMS Queen Elizabeth (UK), HMS Duncan (UK), HMS Albion (UK), HNLMS Rotterdam (Netherlands), HNLMS Johan de Witt (Netherlands), and BNS Leopold (Belgium). The threat actor, attributed to Russia, falsified the AIS transmissions to misrepresent the vessels' locations, placing them near Russian-controlled waters—a deliberate act of geopolitical provocation. The spoofed positions were ghost readings, designed to create a false narrative of NATO encroachment, framing Russia as a victim of international aggression.This attack did not result in physical damage, data breaches, or financial losses, but it undermined trust in maritime navigation systems, risked miscalculation in military operations, and escalated tensions between NATO and Russia. The incident was part of a broader pattern, with nearly 100 similar spoofing events targeting NATO assets. While no immediate operational impact occurred, the long-term implications include eroded confidence in AIS integrity, potential disruption of naval coordination, and heightened risks of accidental conflicts due to manipulated situational awareness.The attack demonstrated how cyber-enabled disinformation can be weaponized in hybrid warfare, blending technical deception with psychological operations to achieve strategic objectives without kinetic confrontation.