Somali piracy, South China Sea tensions and shore-side cyber risk: this week in maritime intelligence

Every week, Dryad Global’s Maritime Intelligence Brief distils hundreds of data points into a single, decision-ready picture of global maritime risk. This week’s brief highlights how threats are stretching from the Somali Basin to the South China Sea – and increasingly into the cyber domain. 

Below is a high-level snapshot. For full incident detail, heatmaps, vessel-type impact and recommended actions, clients can access the Secure Voyager Hub via our introductory offer.

👉 Explore Secure Voyager Hub:

https://www.dryadglobal.com/secure-voyager-hub-intro-offer

Somali piracy: a post-monsoon surge

After a period of relative quiet, Somali piracy has re-emerged with a series of coordinated attacks deep into the Indian Ocean. Pirate Action Groups are once again using hijacked dhows as “mother ships” to project skiffs several hundred nautical miles offshore.

One recent case involved an attempted hijack of a product tanker in the Somali Basin, with pirates firing small arms and RPGs before boarding. The crew’s decision to secure themselves in the citadel, combined with a rapid naval response, prevented a successful hijack and all seafarers were recovered safely. The same group is linked to multiple approaches against commercial and fishing vessels across a broad area. 

While naval forces have since intercepted the mother ship and are moving towards prosecution, several previously hijacked vessels remain unaccounted for, and the threat level in the region remains critical. For operators trading in the western Indian Ocean, this reinforces the need to:

• Maintain registration with regional reporting centres

• Apply BMP5 measures rigorously

• Understand how current threat patterns intersect with specific routes and vessel profiles

South China Sea: carrier presence near contested shoals

In the South China Sea, a US carrier strike group centred on USS Nimitz has been operating within range of key contested features, including Scarborough Shoal. The deployment follows a series of confrontations between Chinese Coast Guard units and Philippine resupply missions, including the use of water cannons and blocking manoeuvres. 

Although commercial traffic continues, the combination of military signalling, “gray-zone” tactics and new administrative measures – such as the designation of maritime “nature reserves” – adds complexity for operators transiting the region or calling at regional ports.

Secure Voyager Hub users can see how current naval deployments and enforcement trends intersect with core trade lanes and chokepoints, helping them shape routing and port selection decisions.

Conflict zones and evolving state behaviour

This week’s brief also tracks a series of developments across other high-risk theatres, including: 

• Ukraine–Russia conflict: continued long-range strikes on energy and offshore infrastructure in the Black Sea region.

• Middle East & Red Sea: persistent disruption to normal trade patterns as state and non-state actors probe naval and commercial responses.

• Africa & Gulf of Guinea: stepped-up maritime cooperation between regional navies and European partners, alongside ongoing security and governance challenges ashore.

• Polar routes: a rise in Arctic transits despite ice navigation and regulatory challenges, with implications for risk profiling and insurance.

These developments underscore that “maritime risk” is no longer confined to piracy and war risk areas; it is a constantly shifting mix of geopolitics, organised crime, regulation and climate.

Cyber: the soft underbelly of maritime operations

Shore-side systems remain a critical point of vulnerability. This week’s cyber section of the Maritime Intelligence Brief highlights: 

• A major data breach at a global media group that exposed thousands of Slack messages and personal records.

• New research showing that misconfigurations and credential issues are behind the majority of cloud security incidents.

• Emerging exploit paths in widely used AI tools, opening the door to data exfiltration and model hijacking.

• “Deepfake-as-a-Service” offerings that commoditise voice cloning and synthetic media fraud, raising the stakes for payment authorisation, voice-based security checks and brand trust.

• Mobile spyware campaigns targeting widely deployed devices used by corporate and government users.

• Rising urgency around third-party and vendor risk management.

For shipowners, operators and maritime service providers, these are not abstract IT problems; they are business continuity and compliance issues that can directly affect port calls, charterparty performance and reputational standing.

Why Secure Voyager Hub?

The Maritime Intelligence Brief is just one component of Dryad Global’s Secure Voyager Hub – our integrated intelligence and voyage risk platform.

Inside Secure Voyager Hub, subscribers get access to:

• Live incident feeds and interactive maps showing global risk in real time

• Regional and thematic analysis prepared by specialist analysts

• Voyage-specific risk tools that combine threat data with vessel and route characteristics

• Cyber and regulatory intelligence aligned to maritime operations

• Downloadable briefs and alerts for internal stakeholders, crews and clients

Where this public article provides an overview, Secure Voyager Hub gives the granular detail and practical guidance that shoreside teams and crews need to make informed decisions.

Stay ahead of the threat picture

The maritime domain is becoming more contested, more complex and more interconnected with events ashore and online. Having a clear, consolidated view of global risk is no longer a “nice to have” – it’s a core part of safe and profitable operations.

If you want access to the full Maritime Intelligence Brief each week, along with the tools our clients use to plan and protect their voyages, you can get started today with our introductory offer.

👉 Find out more and subscribe to Secure Voyager Hub:

https://www.dryadglobal.com/secure-voyager-hub-intro-offer