Overstretched naval deployments and a focus on Red Sea security have left parts of the Western Indian Ocean vulnerable.

Somali pirate activity in early November 2025 represents the most serious cluster of incidents in the Western Indian Ocean since the mid-2024 downturn. The attacks do not signal a broader resurgence of piracy, but rather highlight the continued value of several established counter-piracy measures at sea.

After a period of suppression following Indian Navy action in 2024, a suspected Somali pirate group showed its ability to operate far offshore using hijacked fishing vessels as motherships. Another group has now been doing the same. On 3 November, assailants opened fire as they attempted to board the chemical tanker Stolt Sagaland in international waters well over 300 nautical miles off Somalia’s coast. Private security onboard repelled the attack.

On 6 November, the Hellas Aphrodite was boarded by pirates firing rocket‐propelled grenades (RPGs) and small arms. The crew took refuge in the citadel (safe room) and retained control until the Spanish warship ESPSVictoria, under the European Union’s counter-piracy mission Operation Atalanta, reached the tanker the next day. The Al Thumama, a liquid natural gas tanker, was reportedly approached by a suspicious vessel in the same vicinity, which it outran.

This arguably reflects pirate groups’ regained confidence and organisational capacity. The fundamental Somali piracy model seems unchanged – using a mothership and skiffs to assault vessels with small arms and RPGs to capture crew from commercial vessels for ransom. Pirates lack the shore facilities to offload the cargo carried by most vessels, preferring to extract the maximum ransom for hostages.

Frustration among Puntland and central Somali communities over perceived illegal fishing by foreign ships could strengthen the networks pirates use for anchorage, logistics and intelligence. Local narratives that foreign naval patrols ‘protect’ the vessels fishing illegally fuel resentment.

Somalia’s coast has for decades been ravaged by unlicensed fishing vessels run by criminal operatives from numerous countries. Last month, Puntland authorities seized several fishing vessels accused of illegal fishing – an offence that strips the Somali government of revenue and erodes the livelihoods of artisanal fishers. Pirate groups often claim they are ‘protecting’ their waters and making a living in an environment with limited fishing opportunities.

The growing relationship between al-Shabaab and Houthis adds to maritime insecurity. In meetings between the two, al-Shabaab has reportedly requested advanced weapons and training in exchange for escalating piracy in the Gulf of Aden and off Somalia. Targeting cargo ships, disrupting vessel movement and collecting ransoms would further disrupt global maritime traffic and strengthen the Houthis’ chokehold on the Red Sea and Gulf of Aden.

It is not yet clear whether the recent piracy incidents were a result of this relationship or were carried out by resurgent pirate cells.

In December 2023, pirates successfully hijacked the MV Ruen. In March 2024, the Bangladesh bulker Abdullah was seized as it sailed from Mozambique to the United Arab Emirates, carrying coal. After a month-long ransom negotiation, the pirates allegedly extorted US$5-million for its safe release.

A swift and decisive response by the Indian Navy in March 2024 ended the MVRuen hijacking and led to the capture of 35 pirates who seemed to be using it as a mega-mothership. This reduced the temptation for further piracy after the reported ransom for the Abdullah.

One reason for the renewed pirate activity is the weather, with the southwest and northeast monsoons serving as a natural deterrent. Recent attacks benefitted from a favourable window, with calmer seas enabling close approaches using skiffs. This will probably shift as the northeast monsoon sets in from late November to early February, bringing stronger winds and rougher seas that have historically limited pirates’ ability to operate at a distance.

Anti-piracy initiatives established over the past two decades have not disappeared, despite being somewhat overstretched. Coordination mechanisms such as Shared Awareness and De-confliction (SHADE) and the Djibouti Code of Conduct (Jeddah Amendment) continue to function. But their mandates and geographic scope are broader.

Persistent gaps in multinational naval coverage are worrying. Pirates have also taken advantage of the broader maritime instability caused by Houthi attacks in the Red Sea. Overstretched naval deployments and a focus by major maritime powers on Red Sea security have left parts of the Western Indian Ocean vulnerable.

The recent Hellas Aphrodite attack highlights the importance of Best Management Practices (BMPs) in combatting piracy. The vessel, carrying petrol from India to South Africa, did not have guards on board. When the pirates attacked, the crew managed to prevent a hijacking by occupying the citadel, as emphasised in the BMP’s sixth iteration.

A citadel is a secure location designed to accommodate the entire crew and additional personnel for three to five days – the duration required for friendly naval forces to assist. The citadel must be equipped with sufficient food, water, sanitation and medical supplies. Independent two-way communication with company headquarters and naval or law enforcement authorities must be maintained via separate satellite systems from those on the bridge.

The recent surge in attacks also calls for greater sensitisation of coastal communities about the dangers and penalties of engaging in piracy. Improved onboard security, increased naval patrols and rapid responses to incidents will undoubtedly safeguard vessels in the western Indian Ocean and the Gulf of Aden in the coming years.

Written by Timothy Walker, Senior Researcher, Maritime, ISS Pretoria & Halkano Wario, East Africa Regional Organised Crime Observatory, ENACT, ISS Nairobi