.svg){kind=icon}
Go back
On 24 November 2025, the CSS at ETH Zürich published the latest in its Cyberdefense Report series.
In Breaking the Final Frontier, Clémence Poirier reveals that during the Gaza War and beyond — the space sector has emerged as a major target for cyberattacks.
According to her research, there were 237 identified cyber operations against space-sector entities in the conflict’s context.
November 27, 2025
Clémence Poirier, researcher at ETH Zürich’s Center for Security Studies (CSS), specializes in cyber operations and the militarization of digital infrastructure. Her database of space-related cyber operations is one of the most comprehensive in the world.
ETH Zürich, founded in 1855, is consistently ranked among the world’s top science and engineering universities. Its CSS program provides strategic insights for governments navigating the intersection of technology, security, and geopolitical instability.
The report’s findings mark a sharp departure from previous decades, when cyber operations against satellites or ground-station infrastructure were rare and mostly limited in effect.
With the dramatic expansion in dependence on space systems (for communications, intelligence, navigation, logistics, and critical infrastructure), “space” has become arguably the soft underbelly of modern warfare.
Poirier’s report highlights that while space-sector cyber-attacks were uncommon for years, February 2022 (coinciding with the invasion of Ukraine and the infamous hack on the KA-SAT satellite network) marked a turning point.
Targets: attacks were not only aimed at sat-in-orbit systems but heavily — and more frequently — at ground infrastructure: aerospace and defence firms, satellite ground stations, GNSS-related facilities, space agencies, and satellite-internet providers.
Nature of attacks: the majority involved DDoS, website defacements, data leaks, or intrusion attempts targeting ground-based segments. The report notes that none of the 237 operations identified involved direct attacks on satellites already in orbit; instead, attackers focused on the more accessible, ground-based parts of the space ecosystem.
Actors: The report identifies 73 distinct threat actors, overwhelmingly non-state or hacktivist groups — particularly pro-Palestinian collectives mobilized after the October 2023 Gaza conflict.
But what makes these actors especially noteworthy is the operational style many adopted: a pattern borrowed directly from the Russian hacktivist playbook refined since 2014 and institutionalized during the war in Ukraine.
Many of the Gaza-related hacktivist groups were not long-standing organizations. They emerged almost overnight on Telegram — mirroring the Russian tactic of spawning disposable cyber collectives (à la KillNet or NoName057(16)). These groups:
This volatility is not accidental — it is a core element of the Russian approach: flood the domain with noise and overwhelm defenders with volume rather than sophistication.
Despite the high number of attacks, the report concludes that — up to now — these operations have had little tangible effect on kinetic battlefield outcomes.
However, the trend reveals a disturbing evolution: cyber operations against space-sector ground infrastructure are becoming a systematic component of modern conflicts.
Poirier warns of "weak signals" pointing to the next frontier of risk: increased interest by hacktivist groups in satellite hacking tools; blurred lines between cyber-attacks, information warfare, and data-leak campaigns; and rising internationalization of attacks — with networks crossing conflict zones, national borders, and war theaters.
The fact that many attackers are non-state hacktivists, not formal militaries, shows that even “privileged” targets are vulnerable. The proliferation of hacking tools, and the barrier-to-entry lowered by open-source leaks and on-chain tools, means that many actors — not only states — can threaten space-related assets.
Satellites themselves remain hard to breach; but ground stations, control centers, supply-chains, network-infrastructure, software systems — all remain vulnerable and easier to target. As such, cybersecurity efforts should focus less on dazzling orbit-defence and more on robust, resilient ground-infrastructure protection.
Because space systems support global communications and civil infrastructure, a cyber-attack initiated in one region could have cascading effects worldwide. The “internationalization” of cyber conflicts is not just a theoretical concern — the report shows it's already happening.
The U.S. and China are locked in a race for supremacy in satellite networks, quantum communication, and space-based surveillance.
Russia has openly integrated cyber tools into its military strategy.
The Gaza conflict acted as a catalyst for hacktivists and proxy cyber groups across the region. Their operations, although technologically limited, highlight how regional conflicts now spill into global space infrastructures, dragging neutral countries and corporations into crossfire.
Europe relies heavily on satellite systems it does not fully control:
With war on its eastern border, Europe faces the uncomfortable truth: its digital sovereignty depends on infrastructure that is neither fully European nor fully protected.
If we are to protect our interconnected world, we must shift our attention from the stars to the ground: securing the infrastructure that links Earth to orbit. Because in the 21st century, war no longer begins with boots on the ground — it begins with code, servers, and satellites.
You can support TheSIGN by becoming our SATELLITE. Click to learn more about sponsorship.