Maritime Intelligence Brief – 24 November 2025

Iranian cyber operators pulling live AIS data before a missile launch. U.S. bombers circling the Caribbean as tensions with Venezuela rise. Shadow fleets, cyber campaigns and regional flashpoints reshaping risk for commercial shipping.

These are just some of the developments unpacked in this week’s Dryad Global Maritime Intelligence Brief, available in full via Secure Voyager Hub. 

Cyber to kinetic: Iran’s new targeting model

Amazon’s threat intelligence unit has traced how Iranian state-linked actors are fusing cyber reconnaissance with kinetic strikes.

• AIS exploitation in the Red Sea: IRGC-affiliated “Imperial Kitten” spent months inside commercial AIS platforms, querying real-time positions of merchant vessels. On 27 January 2024 they pulled track data for a U.S.-flagged ship; four days later Houthi forces attempted a missile strike on the same vessel KOI in the Red Sea.

• Live CCTV for targeting and battle damage assessment: MOIS-linked “MuddyWater” built anonymised infrastructure to access cameras across Jerusalem ahead of Iran’s June 2025 missile barrage, then used compromised feeds to refine follow-on targeting.

Our full brief assesses how Iran and its proxies are likely to step up AIS, IoT and CCTV reconnaissance into 2026, increasingly using AI-assisted data fusion – and what that means for shipowners, cargo interests and port operators. We explore the implications for:

• AIS and voyage data providers

• Port and terminal CCTV and IoT infrastructure

• Commercial vessels transiting high-risk theatres

We also examine likely retaliatory pathways, from GPS spoofing and ransomware on port systems to wider Red Sea mining threats, and the defensive measures that will matter most for operators.

Caribbean: countdown to limited strikes on Venezuela?

In the Caribbean, a U.S. military buildup around Venezuela appears aimed less at counter-narcotics and more at pushing back Russian, Chinese and Iranian influence in the Western Hemisphere. 

This week’s brief tracks:

• Additional B-52H Stratofortress deployments over the Gulf of Mexico and Caribbean

• Leave restrictions for U.S. Southern Command personnel over the holiday period

• A recent NOTAM from Curaçao highlighting unidentified aircraft in terminal airspace, suggesting intensified reconnaissance or early warning activity

Our assessment points to a high probability of limited, precision U.S. strikes—for example against Venezuelan sites hosting Russian S-300 systems or Chinese-operated facilities—within a short window.

For commercial shipping we explore potential outcomes including:

• Disruption or suspension of Venezuelan crude and product exports

• Imposition of naval exclusion zones in parts of the southeastern Caribbean

• Rapid changes to war-risk insurance pricing and routing assumptions

We also map escalation pathways if Moscow, Beijing or Tehran opt to visibly reinforce Caracas.

Global risk snapshot: where are the pressure points?

Beyond these deep dives, this week’s Maritime Intelligence Brief provides a global operating picture for CSOs, charterers, insurers and masters:

• Regional incident trends: Charts on this week’s brief show recent patterns in hijack, boarding, robbery, approach and kidnap events across the Gulf of Guinea, Indian Ocean and South East Asia, plus multi-year trends in crew kidnaps. 

• Key regional developments: From EU discussions on boarding “shadow tankers” and a possible pirate action group east of Somalia, to Royal Navy shadowing Russian warships in the English Channel and U.S.–China maritime security talks in Hawaii.

• Cyber Security Abroad: A curated feed of global cyber issues affecting the maritime domain – including Iranian espionage campaigns, critical vulnerabilities in widely used tools, and cases of North Korean IT workers infiltrating Western companies.

Each entry is accompanied by region-specific risk ratings, local impact assessments and on-shore security implications, all plotted on an interactive map.

Why access the brief through Secure Voyager Hub?

Inside Secure Voyager Hub:

• Interactive risk map – Drill down by region, incident type and trend line, using the same cartography and risk scales featured in the printed brief. 

• Linked cyber and physical reporting – See how cyber campaigns, state competition and criminal activity intersect with shipping lanes, ports and offshore infrastructure.

• Actionable guidance – Each item is written for decision-makers: CSOs, fleet managers, underwriters and operators who need clear implications, not just headlines.

If your vessels, people or cargo move through these theatres, you can’t afford to rely on generic news feeds.

👉 Trial Secure Voyager Hub and unlock the full Maritime Intelligence Brief, historic datasets and tailored alerts.

Contact our team at sales@dryadglobal.com to request access or arrange a walkthrough.