In this instalment of Inchcape’s Global Shipping Report, Daniel Mueller, Senior Analyst at global risk management company Ambrey, outlines the enduring maritime security (marsec) threats in key hotspots around the world in the third quarter. Rebecca Egan, Sub-Saharan Africa Analyst at Ambrey, spotlights West Africa as the region transitions into the drier season, while Ambrey’s Asia Maritime Security Analyst, Dr. Fang Yang, focuses on Malaysia and the tightening enforcement against unauthorised anchoring. Amit Chitnis, Head of World of Ports Portfolio at Inchcape, wraps up with a look at AIS spoofing, sharing case studies, technical insights and countermeasures.
BLACK SEA AND BALTIC SEA
The Russia-Ukraine conflict has expanded from the Black Sea into the Baltic, where open warfare has evolved into covert hybrid operations involving intelligence and sabotage, drawing commercial shipping ever deeper into the operational and political crossfire.
In the Black Sea, sea mines remain the primary threat, while unexploded ordnance has been found along the coasts of Romania, Bulgaria and Turkey, together with discoveries of unmanned surface vessels in Turkish waters.
Limpet mine attacks targeting vessels linked to Russian hydrocarbon exports have extended into the Baltic, with secondary effects reaching the Mediterranean.
Both sides continue to strike ports and logistics infrastructure, as Ukraine targets Russian assets and Russia maintains pressure on Ukrainian facilities. Electronic warfare – including GPS and AIS signal denial from shipborne and shore-based systems – is intensifying across both areas.
A growing concern is the militarisation of merchant vessels, with multiple cases of ships allegedly deploying or supporting unmanned systems, leading to arrests and detentions in Germany, Sweden and Norway.
Note on the US sanctions on Lukoil and Rosneft:
The new sanctions are already having an impact, with Chinese and Indian markets showing greater caution as they reassess their exposure to Russian crude. Ambrey anticipates a shift in movement patterns, potentially increasing shadow-fleet operations carrying Russian cargoes or prompting shifts in trade routes.
Ambrey has already observed a growing number of ship-to-ship (STS) transfers between shadow-fleet vessels on the high seas – not a new practice but now occurring with greater frequency. The key uncertainty is where will these cargoes go next?
A further development is Iran’s effort to establish a land corridor to Russia, offering another means of sanctions evasion. Meanwhile, the US plans to tighten restrictions further, and if the EU follows suit, this will likely have a major impact on Russia’s oil export capacity – and consequently on its ability to finance war in Ukraine, which is the core aim of the sanctions regime.
MEDITERRANEAN
Ambrey data indicates a sharp rise in merchant vessel involvement in Search and Rescue (SAR) and humanitarian operations across the Med, with over 870 cases recorded so far in 2025. While there have been numerous mass-casualty incidents, merchant crews have also shown exceptional professionalism and courage.
New migration routes are emerging toward Crete, alongside increased crossings from Algeria to Spain and the Balearics. Incidents have included small-arms fire against the NGO vessel Mediterranea SOS – more than 100 rounds – and a fatal attack on a fishing vessel carrying migrants.
Beyond SAR operations, the region has seen wider maritime security incidents, including an aerial drone attack on the Freedom Flotilla bound for Gaza. There has also been a surge in industrial action and activism, from refusals to handle perceived dual-use cargoes for Israel to labour disputes and environmental protests targeting vessels linked to ecological damage.
Together, these developments reflect a significant deterioration in marsec across a region once viewed as stable. With instability spreading from Sub-Saharan Africa and Sudan, migration pressures and maritime risks are expected to intensify. Meanwhile, armed clashes in Libya continue to disrupt exports and port ops, adding further volatility to the Mediterranean theatre.
MIDDLE EAST – RED SEA / GULF OF ADEN
Two main actors are directly impacting shipping in the region: the Houthis and Israel. Since June, Ambrey has logged 112 marsec incidents, including 31 linked to Houthi activity.
The Houthis continues to attack both Israel and commercial vessels. Throughout 2025, their target profile has remained consistent – ships with Israeli ownership, operation or trade links. So far, five vessels have been hit, leaving three damaged, two sunk and resulting in five fatalities and one injury.
In response, Israel launched targeted strikes in August against Houthi political and military leadership, followed in September by airstrikes on Houthi-controlled ports such as Hodeidah.
Although the frequency of attacks has declined, lethality has increased. Ambrey assesses the current threat as more manageable, given that Houthi intent has become narrower and more predictable.
Since the Israel-Hamas ceasefire, there have been no new attacks, but the Houthis’ intentions remain unclear. If the truce holds, hostilities may stay stop; if it collapses, the threat will likely return fast.
Everything hinges on developments in Gaza, where the security outlook remains uncertain. There is still no clear post-ceasefire plan – key issues include Hamas disarmament, possible international peacekeeping arrangements, Arab funding for reconstruction and long-term governance of the strip.
Having been a persistent maritime threat for five years, the Houthis may seek to build on their perceived operational success and use maritime attacks as leverage in the Yemen conflict.
Note on the Israel-Hamas ceasefire:
Ambrey assesses that the ceasefire could hold but only with sustained political will and continued mediation from the US, Qatar, Egypt and the Gulf states. The main challenge will come during peace negotiations, where Hamas’s reluctance to disarm and Israel’s demand for security guarantees remain fundamentally incompatible. If US diplomatic engagement continues, the truce might evolve into a longer-term agreement; if that focus drop off, it is unlikely to endure.
MIDDLE EAST – SUDAN
The civil war in Sudan is ongoing, with recent reports highlighting alleged war crimes in the west of the country following the capture of a besieged city by the Rapid Support Forces (RSF).
The most notable impact on the maritime sector has been GPS disruptions offshore Port Sudan and Suakin. These have caused navigation safety incidents in the past. They began around the same time as UAV attacks against Port Sudan and its infrastructure in May, although there have been no further incidents since.
The RSF has shown it retains aerial drone capabilities, with recent attacks targeting the airport at Khartoum.
WEST AFRICA (GULF OF GUINEA)
The West Africa dry season (November-April) typically coincides with a rise in piracy incidents across the region. From late 2024 into 2025, most attacks occurred in the eastern Gulf of Guinea, particularly off Gabon, São Tomé and Príncipe, and Equatorial Guinea, where limited marsec infrastructure – especially the absence of consistent naval patrols – opens the way for attacks.
In the western Gulf, incidents have also targeted fishing vessels, including the MENGXIN 1 attack off Ghana in March, when three crew members were kidnapped and later released in the Niger Delta. By mid-2025, activity shifted back toward Nigerian waters, especially off Bonny, suggesting pirates are returning to familiar territory despite stronger local security.
Looking ahead, pirate action groups (PAGs) are expected to resume opportunistic attacks, particularly in areas with weak enforcement. Vessels transiting without escort ships or armed guards remain most vulnerable. Escorts are only effective when maintained within one NM during transit.
Ambrey assesses at least one active PAG currently operating out of the Niger Delta, using the area’s river network and illegal oil-refining sites as cover. These groups can conduct kidnap-for-ransom operations up to 400 NM offshore in small speedboats and may use hijacked vessels as mother ships to extend range.
Their main tactic remains kidnapping foreign crew, with ransom negotiations typically lasting 25-60 days. During talks, piracy risk usually drops, only to spike again once talks conclude. PAGs have targeted ships travelling up to 20 knots and with freeboards below 10.4 m.
Foreign naval exercises in the Gulf provide some deterrence. Operation Delta Safe (ongoing since January 2024) has disrupted illegal oil operations but not the pirates’ underlying economic drivers. Historically, when oil prices fall below USD 80 per barrel, piracy increases, as ransom becomes more profitable than fuel smuggling.
Riverine pirate groups near Port Harcourt also remain active but focus on local boats and river traffic. While they add to regional insecurity, they currently pose no direct threat to international shipping.
ASIA – MALAYSIA
Ambrey monitors a broad spectrum of marsec issues across Asia but one of the most immediate and actionable developments is Malaysia’s crackdown on unauthorised anchoring, with detention now the default response.
Over the past three months, enforcement has shifted from occasional spot checks to a systematic regime targeting both unauthorised anchoring and illegal ship-to-ship (STS) transfers, resulting in five detentions by the Malaysia Maritime Enforcement Agency (MMEA) since August.
In July, Malaysia closed the Tanjung Piai anchorage near the eastern entrance to the Singapore Strait, long a hotspot for informal or illegal STS transfers. A new legal alternative, Muar anchorage in western Johor, has been designated but may only be used with prior authorisation.
The legal framework remains unchanged under the Merchant Shipping Ordinance of 1952, which allows for boarding, detention and fines. What’s new is the consistency and strictness of enforcement.
Authorities typically cite “anchoring without permission” rather than “illegal STS transfer” because it is the simplest legal trigger. Once a vessel is found anchoring without approval, it can be detained immediately; any further STS violations can then be investigated based on cargo or equipment evidence.
For operators, Malaysia should be treated as a permit-controlled environment. The guidance is straightforward:
- Keep AIS on and obtain permission to anchor.
- Use the Muar anchorage only with prior approval. If that is unavailable, remain underway rather than drifting or anchoring in Malaysian waters.
- Review charter-party clauses to clarify compliance responsibility.
- Be inspection-ready, carry valid documentation and cooperate fully with authorities.
Ambrey expects sustained enforcement through Q4, as the new regime becomes standard practice.
ASIA – STRAITS OF MALACCA / SINGAPORE
Even though there have been a number of piracy events and armed robberies in the Malacca Strait, the threat has not been deemed imminent enough to justify raising the ISPS level to Level 2. To maintain ISPS Level 2, there must be evidence of an imminent threat, and it is challenging to sustain that level for extended periods.
Raising ISPS Level 2 also triggers higher port security measures, increasing restrictions on entry and exit – which would significantly disrupt operations. Ambrey recommends every vessel follow its ship security manual keeping all doors and access points closed to prevent opportunistic attacks.
ASIA – CHINA AND TAIWAN
China’s recent statement that it will absolutely not resort to force over Taiwan is both symbolic and strategic. In recent months, Beijing has grown more assertive militarily and politically, sending deterrent signals toward Taiwan while pursuing a “carrot and stick” approach.
On the stick side, the timing aligns with President Trump’s visit, during which Xi Jinping reportedly sought an explicit US acknowledgment of Taiwan as part of China – a move seen as largely political theatre.
Ambrey assesses this rhetoric as symbolic. China is unlikely to use force in the near term, particularly after the recent purge of senior military officials, including eight members of the Central Military Commission. This upheaval makes any large-scale action against Taiwan unlikely for now.
At the same time, Beijing is applying the carrot, seeking to reassure and attract the Taiwanese public by framing peaceful unification as beneficial.
Overall, China’s current posture is aimed primarily at external audiences, especially the US, and should be viewed as strategic signalling, not an immediate precursor to military escalation.
THE RISING MENACE OF AIS SPOOFING
The Automatic Identification System (AIS) underpins modern maritime navigation but also represents one of shipping’s core vulnerabilities. The rise of targeted spoofing – the deliberate manipulation of positioning, vessel identity and voyage data – now poses a real and growing threat. These attacks are used to evade monitoring, bypass regulations or circumvent sanctions.
Recent cases highlight the scale of the problem. In the South Pacific, fishing fleets have used circle spoofing – injecting false shore-based signals to make entire fleets appear outside restricted zones for weeks or months, their fake tracks showing as compliant on digital charts. Similar tactics have since been adopted in Black Sea tanker operations: with ships entering sanctioned Russian ports while broadcasting falsified AIS positions off Bulgaria or Romania.
In 2025, the VLCC Front Eagle collision in the Strait of Hormuz revealed another dimension of the threat – AIS data falsely placed the tanker onshore in Iran, masking its true position. Investigations found deliberate jamming and spoofing, creating a “digital mirage” that directly compromised navigational safety. Likewise, the tanker Shanaye Queen appeared to “teleport” between the Indian Ocean and Karachi, an illusion created to hide illegal STS transfers and fraudulent cargo documentation supporting sanction evasion.
To defend against these threats, industry responses now combine radar and satellite mapping with multi-source verification. Inchcape’s World of Ports has developed layered, data-centric defences, cross-verifying AIS data with real-time port and geofence analytics and using machine-learning anomaly detection to expose manipulation. Automated API feeds from port authorities are also being implemented to confirm vessel movements, enabling early detection of spoofed positions before false data enters operational systems.
AIS spoofing is not merely a compliance issue – it is a safety, accountability and insurance risk that threatens the integrity of maritime operations. To mitigate it, all stakeholders must treat data integrity as both a technical and operational priority. Through collaborative data sharing and advanced intelligence, the industry can begin to restore trust and build resilience in the digitalised maritime ecosystem.