The interdiction by the Sentinel-class fast-response cutter USCGC Emlen Tunnell (WPC-1145) represents CTF 150’s first drug seizure since New Zealand assumed command Jan. 15.
The cutter’s boarding team discovered and seized 2,357kg of hashish from the vessel. After weighing and documenting the haul, the crew properly disposed of the narcotics.
Commodore Rodger Ward, commander of CTF 150, said he’s proud of the team effort that went into making this interdiction a reality after only a few weeks in command.
“Our command is a small cog in a system focused on interdicting illicit trafficking on the high seas,” Ward said. “This is a team effort and this bust would not have been possible without the support of the 46 nations who make up the Combined Maritime Forces.”
Ward noted that every bust we make reduces the flow of finances to terrorist organizations. “This is why we’re here, to contribute to maritime security and protect the rules-based international order,” he said.
Emlen Tunnell is forward deployed to Bahrain. The fast response cutter is part of a contingent of U.S. Coast Guard ships operating in the region under Patrol Forces Southwest Asia (PATFORSWA). PATFORSWA deploys Coast Guard personnel and ships alongside U.S. and regional naval forces throughout the Middle East.
CTF 150 is one of five task forces under Combined Maritime Forces, the world’s largest international naval partnership. CTF 150’s mission is to deter and disrupt the ability of non-state actors to move weapons, drugs and other illicit substances in the Indian Ocean, the Arabian Sea and the Gulf of Oman.
Combined Maritime Forces is a 46-nation naval partnership upholding the international rules-based order by promoting security and stability across 3.2 million square miles of water encompassing some of the world’s most important shipping lanes.
Exercise Cutlass Express 2025, sponsored by U.S. Africa Command and enabled by U.S. 6th Fleet, brings together more than 20 multinational partners for two weeks of training to support collaborative maritime security operations in the region.
Throughout the exercise, U.S. forces will work alongside participating nations to enhance maritime domain awareness, improve international law enforcement capacity and increase interoperability between the U.S., African, and other multinational partner navies and coast guards.
“Cutlass Express continues to provide an exceptional venue to collaborate with our African partners on maritime security,” said Vice Adm. J. T. Anderson, commander, U.S. 6th Fleet. “When we combine the strength of our partnerships with the high level of training provided by exercises like this, we improve the overall security and economic prosperity of a region that extends far beyond the territorial waters and exclusive economic zones of each individual nation.”
This year’s exercise will focus training efforts in Mauritius, Seychelles and Tanzania, though information sharing and coordination will take place across nine maritime operation centers (MOCs) located throughout the region. Additionally, Exercise Cutlass Express 2025 is linked to U.S. Naval Forces Central Command’s International Maritime Exercise 2025 through information sharing between MOCs to improve theater-to-theater coordination, reduce regional seams, and strengthen U.S. and partner nation capabilities and interoperability.
Exercise Cutlass Express 2025 will also run concurrently with the U.S. Army Southern European Task Force, Africa led exercise Justified Accord 2025 in Kenya and Tanzania to improve defense capabilities of multi-domain forces and refine crisis and counterterrorism responses, ultimately reducing global maritime threats.
Participants in this year’s iteration of Cutlass Express include Belgium, Comoros, Djibouti, France, Georgia, India, Kenya, Madagascar, Malawi, Mauritius, Morocco, Mozambique, Senegal, Seychelles, Somalia, Tanzania, Tunisia, and the United Kingdom.
Cutlass Express is one of three regional maritime exercises led by U.S. 6th Fleet as part of a comprehensive strategy to provide collaborative opportunities to African forces and international partners to address maritime security concerns.
Commander, U.S. 6th Fleet, headquartered in Naples, Italy, conducts the full spectrum of joint and naval operations, often in concert with allied and interagency partners to advance U.S. national interests, security and stability in Europe and Africa.
During a simulated at-sea period, or fast cruise, the staff and Mount Whitney’s military-civilian combined crew exercised normal underway conditions and the battle rhythm required to sustain fleet-wide distributed maritime operations.
“We demonstrated we could run our Maritime Operations Center effectively from our flagship,” said Vice Adm. J.T. Anderson, commander of U.S. 6th Fleet. “Our staff’s ability to deploy anytime while still commanding thousands of Sailors, ships, submarines and aircraft across two areas of operation is what makes our headquarters one of the most flexible, mobile, and active warfighting platforms in the U.S. military.”
USS Mount Whitney is 6th Fleet’s primary warfighting platform and the only place where the commander can simultaneously command U.S. forces and NATO forces. Its command and control systems allow designated staff to enable an array of naval and joint operations while at sea, including rapid maritime response; planning, coordinating, and directing the employment of forces to maintain mission readiness; building working relationships with Allies and partners; protecting U.S. citizens and U.S. interests; and deterring hostile forces in European and African theaters.
The three-day embark coincided with the U.S. 6th Fleet’s anniversary. Sixth Fleet was established Feb. 12, 1950 with the responsibility for the Mediterranean, marking 75 years of service.
U.S. Sixth Fleet, headquartered in Naples, Italy, conducts a full spectrum of joint and naval operations, often in concert with Allies, in order to advance security and stability in Europe and Africa.
Phobos Group Alleged to have Attacked Over 1,000 Victims Worldwide
The Justice Department today unsealed criminal charges against Roman Berezhnoy, 33, and Egor Nikolaevich Glebov, 39, both Russian nationals, who allegedly operated a cybercrime group using the Phobos ransomware that victimized more than 1,000 public and private entities in the United States and around the world and received over $16 million in ransom payments. Berezhnoy and Glebov were arrested this week as part of a coordinated international disruption of their organization, which includes additional arrests and the technical disruption of the group’s computer infrastructure.
From May 2019, through at least October 2024, Berezhnoy, Glebov, and others allegedly caused victims to suffer losses resulting from the loss of access to their data in addition to the financial losses associated with the ransomware payments. The victims included a children’s hospital, health care providers, and educational institutions.
8Base Seizure Banner
According to court documents, Berezhnoy, Glebov, and others operated a ransomware affiliate organization, including under the names “8Base” and “Affiliate 2803,” among others, that victimized public and private entities through the deployment of Phobos ransomware.
As part of the scheme, Berezhnoy, Glebov, and others allegedly hacked into victim computer networks, copied and stole files and programs on the victims’ network, and encrypted the original versions of the stolen data with Phobos ransomware. The conspirators then allegedly extorted the victims for ransom payments in exchange for the decryption keys to regain access to the encrypted data by, among other things, leaving a ransom note on compromised victim computers and separately reaching out to victims to initiate ransom payment negotiations.
As alleged, the conspirators also threatened to expose victims’ stolen files to the public or to the victims’ clients, customers, or constituents if the ransoms were not paid. The conspirators are further alleged to have established and operated a darknet website where they repeated their extortionate threats and ultimately published the stolen data if a victim failed to pay the ransom.
After a successful Phobos ransomware attack, criminal affiliates paid fees to Phobos administrators for a decryption key to regain access to the encrypted files. Each deployment of Phobos ransomware was assigned a unique alphanumeric string in order to match it to the corresponding decryption key, and each affiliate was directed to pay the decryption key fee to a cryptocurrency wallet unique to that affiliate.
The charges unsealed today against Berezhnoy and Glebov follow the recent arrest and extradition of Evgenii Ptitsyn, a Russian national, on charges relating to his alleged administration of the Phobos ransomware variant.
In parallel with this week’s arrests, Europol and German authorities have announced an international operation involving the FBI and other international law enforcement partners to disrupt over 100 servers associated with this criminal network.
Berezhnoy and Glebov are charged in an 11-count indictment with one count of wire fraud conspiracy, one count of wire fraud, one count of conspiracy to commit computer fraud and abuse, three counts of causing intentional damage to protected computers, three counts of extortion in relation to damage to a protected computer, one count of transmitting a threat to impair the confidentiality of stolen data, and one count of unauthorized access and obtaining information from a protected computer. If convicted, Berezhnoy and Glebov face a maximum penalty of 20 years in prison on each wire fraud-related count; 10 years in prison on each computer damage count; and five years in prison on each of the other counts. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Supervisory Official Antoinette T. Bacon of the Justice Department’s Criminal Division, U.S. Attorney Erek L. Barron for the District of Maryland, Assistant Director Bryan Vorndran of the FBI’s Cyber Division, and Special Agent in Charge William J. DelBagno of the FBI Baltimore Field Office made the announcement.
The FBI Baltimore Field Office is investigating the case. The Justice Department extends its thanks to international judicial and law enforcement partners in the United Kingdom, Germany, Japan, Spain, Belgium, Poland, Czech Republic, France, Thailand, Finland, and Romania, as well as Europol and the U.S. Department of Defense Cyber Crime Center, for their cooperation and coordination with the Phobos ransomware investigation. The National Security Division’s National Security Cyber Section and the Justice Department’s Office of International Affairs also provided valuable assistance.
Senior Counsel Aarash A. Haghighat of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Thomas M. Sullivan for the District of Maryland are prosecuting the case. Former CCIPS Trial Attorney Riane Harper and former Assistant U.S. Attorneys Aaron S.J. Zelinsky and Jeffrey J. Izant for the District of Maryland provided substantial assistance.
Additional details on protecting networks against Phobos ransomware are available at StopRansomware.gov, including Cybersecurity and Infrastructure Security Agency Advisory AA24-060A.
An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
The week began with academic discussions covering a series of topics including the naval planning process, maritime operations center procedures, and disaster response coordination.
IMX25 is a 12-day naval training event hosted by U.S. Naval Forces Central Command (NAVCENT). This year’s iteration of IMX is linked with exercise Cutlass Express. Cutlass Express, led by U.S. Naval Forces Europe-Africa, is an annually scheduled exercise designed to enhance regional maritime awareness and the combined capabilities of partner nations to respond to maritime threats. The exercises are link through information sharing between maritime operations center to strengthen theater-to-theater coordination, reducing regional seams and strengthening U.S. and partner nation capabilities and interoperability.
More than 5,000 personnel from more than 35 nations and international organizations will take part in both exercises.
IMX is designed to demonstrate global resolve in preserving the rules-based international order, offering a unique opportunity for participants to collaborate and showcase regional maritime security cooperation.
“Exercises like IMX show that we are at our best when we work together and that our resolve is unwavering,” said U.S. Navy Rear Adm. Jeff Jurgemeyer, NAVCENT vice commander, during his remarks at the opening ceremony. “The Middle East region is a critical crossroads for worldwide commerce and trade. IMX is our combined assurance that the potential for economic success is greatest when international waterways are safe and open for all.”
The operational phase will include partner exchanges on mine and countermeasures; visit, board, search and seizure; unmanned systems and artificial intelligence integration; explosive ordnance disposal; vessel defense; search and rescue; and mass casualty response, among other focus areas.
This is the ninth iteration of IMX since its establishment in 2012.
The U.S. 5th Fleet area of operations encompasses nearly 2.5 million square miles of water area and includes the Arabian Gulf, Gulf of Oman, Red Sea, parts of the Indian Ocean and three critical choke points at the Strait of Hormuz, Suez Canal and Bab al-Mandeb.
More information about IMX is available at: https://www.cusnc.navy.mil/IMX/.