Back

Cyberattack on Satellite Infrastructure Highlights Hybrid Threats

Severity: High (Score: 72.6)

Sources: Medium, cybercenter.space

Published: 2026-06-02 · Updated: 2026-06-02

Keywords: satellites, percent, space, cyber, strategic, triangle, protecting

Severity indicators: rce, ot, rat

Summary

On February 24, 2022, a cyberattack targeted a commercial satellite communications provider, disrupting broadband access for tens of thousands of modems across Europe. This incident, attributed to Russian military intelligence, affected emergency services and military operations, blurring the lines between commercial and military satellite functions. The attack demonstrated that adversaries no longer distinguish between commercial and military assets, as critical infrastructure is increasingly provided by commercial operators. Currently, there are 14,904 satellites in orbit, with over 70% of NATO's satellite communications relying on commercial services. Five advanced persistent threat groups are actively targeting satellite infrastructure, indicating a significant shift in the operational landscape. The existing governance framework for satellite security is outdated, failing to address the complexities of hybrid threats in the current environment. Key Points: • A cyberattack on a commercial satellite provider disrupted services for tens of thousands in Europe. • The attack, attributed to Russian military intelligence, blurred lines between commercial and military assets. • Over 70% of NATO's satellite communications rely on commercial operators, increasing vulnerability.

Detailed Analysis

**Impact** The cyberattack disrupted broadband access for tens of thousands of modems across Europe, affecting emergency services, wind farm operations, and early-stage military command and control infrastructure. Over 70% of NATO’s satellite communications rely on commercial operators, making the commercial sector a critical target. The attack demonstrated that commercial satellite networks providing military-related services are operationally considered military assets, expanding the target scope beyond government-owned infrastructure. **Technical Details** The attack targeted the ground segment of satellite systems, specifically commercial satellite communications providers’ networks. This segment includes ground stations, control centers, uplink facilities, and terrestrial communications infrastructure, which are vulnerable due to software with known vulnerabilities, exploitable administrative interfaces, and a complex supply chain. The attack was attributed to Russian military intelligence and involved compromising network access to deny service without physically damaging satellites. No specific malware, CVEs, or IOCs were detailed in the sources. **Recommended Response** Defenders should prioritize securing the ground segment by applying patches to known vulnerabilities in control systems and administrative interfaces, enforcing strong authentication mechanisms, and conducting comprehensive supply chain security assessments. Network monitoring should focus on detecting unauthorized command issuance and anomalous operational parameter changes. In the absence of detailed IOCs, continuous monitoring of satellite network traffic and access logs is essential to identify potential intrusions.

Source articles (2)

  • Space, Cyber, and the New Strategic Triangle: Protecting Satellites in an Era of Hybrid Threats — Medium · 2026-06-02
    There are currently 14,904 satellites in orbit — a 31.5 percent increase since 2023. More than seventy percent of NATO’s satellite communications are provided by commercial operators. Five documented…
  • Space Cyber And The New Strategic Triangle Protecting Satellites In An Era Of Hybrid Threats — cybercenter.space · 2026-06-02
    There are currently 14,904 satellites in orbit — a 31.5 percent increase since 2023. More than seventy percent of NATO’s satellite communications are provided by commercial operators. Five documented…

Timeline

  • 2022-02-24 — Cyberattack on commercial satellite provider: A cyberattack disrupted broadband access for tens of thousands of modems across Europe, impacting emergency services and military operations.
  • Recent — Increase in satellite numbers: There are currently 14,904 satellites in orbit, marking a 31.5% increase since 2023.
  • Recent — Active targeting of satellite infrastructure: Five advanced persistent threat groups are actively targeting satellite infrastructure, indicating a growing threat landscape.

Related entities

  • Viasat Attack (Campaign)
  • Australian Signals Directorate (Company)
  • Fortinet (Company)
  • NATO (Company)
  • NSa (Company)
  • Viasat (Company)
  • Russia (Country)
  • Ukraine (Country)
  • satellite.at (Domain)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed