Renewed piracy threat in Somali Basin and Gulf of Aden

Overview

• Somali piracy has re-emerged as a material threat to commercial shipping in the Indian Ocean Region in 2026.
• Since January 2026, at least 17 piracy-related incidents have been recorded across Somali waters and the Gulf of Aden, including at least three successful hijackings of commercial vessels and five dhows, the most significant resurgence of Somali pirate activity in years.
• Two distinct Pirate Action Groups (PAGs) are assessed as behind the recent spate of attacks off Somalia. Some uncertainty surrounds the identity of the threat actors operating off Yemen, although initial indications point to an extended geographic reach of Somali pirates.
• UKMTO initially raised its regional threat assessment to “substantial” in late April, before escalating it to “severe” on 30 April, reflecting a rapid deterioration in the maritime security environment.

Recent Key Developments

Incident Summary: Somalia Waters

Within Somali waters, at least 11 incidents have been recorded since the start of the year. Two of the most commercially significant incidents, both hijackings, occurred within five days of each other in late April.

• On 21 April, the Palau-flagged tanker Honour 25, loaded with 18,000 barrels of oil, was hijacked approximately 32.5 nautical miles (NM) south-southeast of Hafun by six armed individuals carrying AK-variant rifles and a rocket-propelled grenade.
• On 26 April, the St Kitts and Nevis-flagged cargo vessel Sward was seized near Garacad by approximately ten pirates in three skiffs, also without armed security aboard. Following the hijacking, six armed men and an interpreter fluent in English and Arabic boarded the vessel to manage ransom negotiations with the shipowner. A land-based network supplied the pirates aboard with provisions driven approximately 240 kilometres from the inland city of Galkayo, indicating preparation for a protracted engagement. Both vessels were brought to anchor in known PAG holding areas and are assessed as being held for ransom as of 12 May 2026.

Other attempted piracy incidents around the same time reflect pirates’ intent to target commercial vessels; however, in both cases, protective measures proved effective in deterring the threat.

• On 23 April, the Barbados-flagged cargo vessel Elfriede was fired upon by armed pirates off Garacad; the vessel’s armed security team responded with warning shots, and the skiff disengaged without boarding.
• On 28 April, the Malta-flagged tanker Minerva Pisces, transiting 471NM offshore, successfully deterred a mothership-launched approach through armed security, increased speed, and evasive manoeuvres.

In addition to these incidents, four dhow hijackings and four approach or suspicious activity reports were recorded in Somali waters between January and May 2026.

Incident Summary: Gulf of Aden

In addition to the broader resurgence of Somali piracy, there has been a concurrent increase in PAG activity in the Gulf of Aden off Yemen. Four approach or suspicious incidents have been recorded in Yemeni waters in 2026 to date, in addition to two hijackings. The most significant case remains the 02 May hijacking of the Togo-flagged tanker Eureka while at anchorage off Qana Port, Shabwa Governorate. As of 12 May, the vessel was last assessed to be underway toward the Somali coast, with its subsequent status and exact location not publicly confirmed.

The seizure of a commercial tanker at a Yemeni anchorage represents a notable departure from the operational profiles that have characterised the current piracy cycle, which have largely involved close-inshore attacks off the Somali coast or offshore hijackings conducted from mothership-launched skiffs.

Assessment

2025 vs 2026: What Has Changed

In December 2025, Castor Vali published a deep dive on the maritime security environment off Somalia, covering the trajectory of Somali piracy through 2025 and the structural conditions shaping the threat outlook. In 2025, Somali PAGs demonstrated persistent operational capability but did not convert it into successful commercial vessel hijackings. In Somali waters, activity was concentrated in nearshore fishing vessel seizures and deep-water probing attempts, none of which resulted in a commercial hijacking. In the Gulf of Aden, the Houthis’ direct-fire threat declined significantly relative to 2024, though hybrid threats persisted, including waterborne improvised explosive devices, unmanned surface craft, and unmanned aerial vehicle activity, and piracy-related activity was limited to a single suspicious approach. No successful commercial vessel hijacking was recorded across either area.

This year’s escalation, particularly the April spike in incidents, represents a qualitative shift. For the first time in the current cycle, operational capability has been converted into successful commercial hijackings across both Somali waters and the Gulf of Aden, with the Combined Maritime Forces (CMF) and ongoing counter-piracy military mission Operation Atalanta assessing two distinct PAGs — PAG A operating close inshore near Garacad, and PAG B conducting deep-offshore mothership-launched operations — as now active concurrently in the Somali Basin. The Eureka seizure off Shabwa governorate on 02 May extends this picture further, introducing a threat profile not previously recorded in the current cycle and extending PAG operational reach into anchorages on Yemen’s southern coastline.

Who is behind the attacks?

CMF and Operation Atalanta assess PAG A as most likely responsible for the nearshore attack on the Elfriede and the hijacking of the Sward, operating close inshore near Garacad. PAG B is assessed as likely responsible for the hijacking of the UAE-flagged dhow Fahad 4 on 25 April and its use as a deep-offshore mothership in the attempted attack on the Minerva Pisces. However, PAG B abandoned the Fahad 4 in the Arabian Sea on 04 May after supplies ran short and heightened vessel vigilance prevented further attacks.

Current networks are assessed as better equipped than previous generations, with access to GPS, satellite communications, and hijacked dhow motherships enabling operations up to 900NM offshore, and with demonstrated land-based logistics and ransom negotiation infrastructure. Compounding the threat, a United Nations report assesses that Al-Shabaab reached a transactional agreement with the Houthis in 2024 under which it committed to increasing piracy activity in exchange for advanced weapons and training. Al-Shabaab is reported to be brokering ransom proceeds in exchange for protecting pirate operations, consolidating a commercial relationship that transcends the Sunni-Shia divide and represents a structural rather than opportunistic support network for PAG activity in Somali waters.

The Eureka seizure: an extended threat profile

The attribution picture for the Eureka differs from the Somali Basin incidents. The Yemeni Coast Guard confirmed the boarding by armed assailants, with reporting attributing the attack to nine Somali gunmen. The incident has been broadly framed in reporting as part of the wider Somali piracy resurgence. Should the incident be confirmed as Somali-linked, it would indicate a widening of the operational geography that commercial operators must account for, extending the threat environment to anchorages along Yemen’s southern coastline. However, a Puntland official has separately stated that Yemeni nationals are suspected among the hijackers and that the government was investigating possible links to the Houthi movement; the Puntland director general of ports assessed such collaboration as a possibility. No party has directly attributed the seizure to the Houthi movement.

Drivers of the resurgence

The current resurgence reflects the convergence of three structural conditions.

• The resurgence of Somali piracy has been enabled by a more permissive maritime security environment in the western Indian Ocean and Gulf of Aden. Since 2023, naval and ISR assets have shifted toward the Red Sea and Bab el-Mandeb in response to Houthi attacks, reducing counter-piracy coverage off Somalia. At the same time, the removal of the Indian Ocean High Risk Area designation and the scaling down of UN counter-piracy measures have lowered industry threat perceptions, likely weakening adherence to BMP-MS among some operators.
• Onshore, Puntland security forces remain heavily engaged in counterterrorism operations against Islamic State (IS) Somalia in the Bari region, placing additional strain on already limited security capacity, with potential second-order effects on coastal surveillance and disruption of illicit maritime facilitation networks along the Puntland littoral. Reduced enforcement pressure in certain coastal areas may have contributed to a more permissive environment for the reactivation of maritime criminal activity.
• Finally, heightened volatility in global energy markets and periodic increases in crude oil prices linked to instability in the Middle East have also likely increased the perceived value of tanker cargoes and reinforced incentives for kidnap-for-ransom and maritime criminal activity targeting commercial shipping.

Forecast

The threat environment offshore Somalia is assessed as severe in the short term. The current inter-monsoon window, approximately March through May, is the most permissive period for offshore operations by PAGs. The onset of the Southwest Monsoon from June through September is expected to suppress deep-offshore PAG activity and shift threat tempo to inshore waters around the Garacad and Mogadishu coastal corridors. The next permissive window for deep-offshore operations by such groups is assessed to open from approximately October 2026, representing the next elevated risk period for operators with deployments or transits planned in the western Indian Ocean.

In the medium term, the structural conditions enabling the resurgence show no trajectory of resolution. The April 2026 incidents provide direct and recent evidence that BMP-MS compliance and embarked armed security work: both the Elfriede and the Minerva Pisces successfully deterred boarding attempts, while neither the Honour 25 nor the Sward carried armed security at the time of attack. Rigorous application of BMP-MS measures, including embarked armed security on vessels transiting elevated threat areas, remains the single most effective risk reduction measure available to operators.

About Castor Vali Risk Intelligence Services

This deep dive forms part of Castor Vali’s wider maritime reporting capability. While this report provides detailed analysis of the piracy threat in Somali Basin and Gulf of Aden, our ongoing monitoring keeps clients informed of potential threats, encompassing piracy, terrorism, and other modern-day maritime risks. Through timely analysis of maritime activities, we deliver strategic insights to pinpoint high-risk zones, enabling the precise deployment of resources to safeguard vessels, crew, and reputation.that clients receive timely, operationally relevant updates as security dynamics continue to develop.

Maritime subscriptions entail access to the following products:

• Maritime Flash Alerts produced for all offshore areas globally and are offered for free to clients as part of our ongoing support to the maritime industry and seafarers since our inception.
• Maritime Weekly Reports provide a review of key incidents globally (West Africa, Indian Ocean high-risk areas, Southeast Asia and the Americas) with supporting analysis, forecasts and graphics.
• Maritime Deep Dives offer detailed, topic-specific analysis into evolving maritime threats, regional trends, or strategic risk developments.

We encourage our clients to test our services and offer free trials to interested clients at any time.