Overview:
Amid the ongoing Israel-Iran conflict, cyberspace has emerged as an increasingly active front, with notable spillover into critical infrastructure sectors. In the days following the initial escalation, both private-sector and government reporting confirmed a sharp increase in cyber activity—ranging from opportunistic hacktivist campaigns to more disruptive operations. The Information Technology-ISAC and the Food and Agriculture ISAC issued a joint alert warning of elevated cyber threats, underscoring the cross-sector impact of operations linked to the conflict.
Following a U.S. military strike on Iranian nuclear facilities, the Department of Homeland Security issued additional guidance, noting a rise in low-level cyber incidents attributed to pro-Iranian groups and warning that state-sponsored actors may exploit poorly secured network technologies to target U.S. infrastructure.
As in previous regional conflicts, space-related organizations, particularly those with ties to government and defense, have become key targets, absorbing both direct and indirect impacts from broader cyber and electronic warfare activity. This pattern mirrors past incidents, such as the aftermath of the October 7, 2023 attacks against Israel, when pro-Palestinian hacktivists targeted a variety of space infrastructure, from web servers to GNSS receivers.
On June 12, 2025, Israel launched a preemptive strike on Iranian military and nuclear sites, triggering a rapid escalation in hostilities. The following day, Iran retaliated with a wave of missile and drone attacks targeting Israeli military and intelligence infrastructure. As the kinetic conflict unfolded, a parallel front emerged in cyberspace—manifesting in increased cyberattacks and widespread GNSS interference affecting both regional and global operations.
Hacktivism and High-Noise Attacks:
Between June 12 and June 15, Radware reported a 700% surge in cyberattacks targeting Israeli infrastructure. These attacks included destructive operations, disinformation campaigns, distributed denial-of-service (DDoS) activity, and web defacements—many of which were low in sophistication but high in volume, consistent with common hacktivist tactics. Notably, analysis of these incidents reveals a recurring focus on the intersection of space and defense, with satellite operators, defense contractors, and national space agencies among the frequently named targets.
Between June 12 and June 26, at least 41 cyberattacks were claimed by various threat groups, reportedly affecting 36 space or space-adjacent organizations. While most of these targets were Israeli, several incidents extended to U.S. and U.K.-based companies and government agencies. Most of the claimed activity involved distributed denial-of-service (DDoS) attacks—tactics that, while not directly threatening to space system functionality, offer insight into the ideological motivations and target selection of pro-Iranian actors. There have been some indicators of potential escalation, such as unverified claims by the hacktivist group GhostSec, which alleged it had compromised 10 Israeli VSAT terminals. Despite the low confidence of the claims, they reflect how disruptive techniques may carry over to operationally relevant targets.
The volume and variety of hacktivist engagements also highlight a long-standing trend: politically motivated cyber actors often outlast the kinetic phases of conflict, continuing operations driven by ideology, affiliation, or retaliation. This is where a significant portion of the risk emerges: current cyber activity may serve as early-stage reconnaissance or testing, laying the groundwork for more impactful operations over time. As of June 22, CyberKnow reports 120 active hacktivist groups. Additional reporting indicates that cybercriminal groups and nation-state threats are also active.
GNSS Interference
One of the most persistent and concerning developments in the wake of the June strikes has been the notable increase in GNSS interference across the Middle East. Multiple indicators—ranging from Notices to Airmen (NOTAMs) and Conflict Zone Information Bulletins (CZIBs) to commercial GNSS monitoring platforms—confirm a highly degraded signal environment since June 12.
These disruptions, though often short-lived (30 seconds to five minutes), have had tangible impacts on air and maritime navigation. Iranian Flight Information Regions (FIRs) have seen cessation of overflight traffic and remain high risk as the conflict continues. Maritime operations in the Strait of Hormuz, the Persian Gulf, the Arabian Sea, and the Red Sea report growing concerns over navigational reliability.
Historically, the region encompassing Israel, Iran, Iraq, and Lebanon has been a contested GNSS environment due to ongoing conflict and electronic warfare experimentation. But current levels of disruption reflect an unprecedented intensity—likely influenced by active jamming, spoofing, and broader electronic warfare activity aligned with military objectives.
For the space sector, this presents growing concern. Not only do satellite signals enable navigation, but the operational integrity of space systems—from launch telemetry to earth observation—relies on uninterrupted, precise GNSS functionality. Disruption at this scale and frequency adds volatility to an already complex threat landscape.
Conclusion:
As the Israel-Iran conflict evolves, space-sector stakeholders should prepare for sustained disruption—both in cyberspace and across the electromagnetic spectrum. Historical patterns suggest that politically driven hacktivist operations will persist beyond any temporary ceasefire or de-escalation. State-sponsored campaigns may adapt their tactics to circumvent increasing defenses or target international partners seen as aligned with either side.
GNSS interference, often underreported or normalized in high-tension areas, is likely to continue at elevated levels—posing persistent risks to aerospace operations, satellite communications, and precision-guided systems.
While it is difficult to predict the trajectory of the broader conflict, one trend is clear: the space sector is a legitimate target for geopolitically motivated threat sources. These developments underscore how the space sector continues to absorb spillover from geopolitical tensions as a function of its strategic proximity and symbolic value. Recent assessments from U.S. cybersecurity agencies reaffirm this trend, noting that “Iranian-affiliated cyber actors may target U.S. devices and networks for near-term cyber operations.” The advisory highlights the Defense Industrial Base (DIB) as a sector of elevated risk, with particular emphasis on edge devices and operational technology (OT) systems, both of which play critical roles in the development and operation of space infrastructure.
