Space Sector Faces 400% Surge in Cyberattacks Amid Iran War, Experts Say
Publish Date: 2026-06-23 16:50:00
Source Domain: www.satellitetoday.com
The space sector is seeing a dramatic rise in the tempo and sophistication of cyberattacks following U.S. and Israel-led military operations in Iran, according to cybersecurity experts.
“From a high-level activity perspective, we’re operating at a tempo about 400% above where we were before the war,” Norm Laudermilch, CISO of Vantor, said during a June 23 CyberSat webinar on Iranian threats to space infrastructure.
The spike in security events is similar to other geopolitical conflicts, like the Russian invasion of Ukraine, according to Laudermilch. What is different, he said, is the convergence of hacktivist groups and nation-state actors. Unlike previous conflicts that saw a rise in hacktivists and cybercriminals conducting low-level attacks, experts are seeing a sustained targeting of the defense, industrial base and adjacent sectors, including aerospace and space.
“Each time you have a geopolitical crisis, a war, a conflict or a massive political decision, you have attacks against the space sector,” said Clémence Poirier, senior cyberdefense researcher at the Center for Security Studies (CSS) at ETH Zurich in Switzerland.
In a recent article, Poirier documented a shift in Iranian cyber operations from the 12-day Israel-Iran war in 2025 to Operation Epic Fury in February 2026. She identified a greater presence of sophisticated state cyber actors and geographically targeted attacks against Gulf nations, which were simultaneously hit by kinetic strikes.
During the first weeks of the conflict, Iranian state-sponsored groups launched a series of attacks. Mobir, with ties to the Islamic Revolutionary Guard Corps (IRGC), took credit for cyberattacks against Space42, Bayanarta, Thuraya, Yahsat, Arabsat and the UAE Space Agency. Handala, a hacktivist group with ties to Iran’s Ministry of Intelligence and Security, reportedly conducted personnel and doxxing attacks against Lockheed Martin employees in Israel. Lockheed was also targeted by the IRGC-linked APT33, which claimed to have stolen 375 terabytes of data from the company.
AI a ‘Double-Edged Sword’
The volume and sophistication of the attacks on the space sector are being attributed to the adoption of artificial intelligence.
“AI has lowered the barrier to entry for the threat actors while increasing the scale and complexity of the attacks,” said Laudermilch. This includes AI-enabled malware development, social engineering campaigns and powerful frontier AI models, like Anthropic’s Mythos or OpenAI’s GPT-5.5-Cyber, which have allowed users to rapidly identify and deploy exploits.
A three-page statement released Monday by leaders of the Five Eyes cybersecurity agencies, comprising the United States, Britain, Canada, Australia, and New Zealand, warned that frontier AI models are transforming offensive cyber capabilities on a timeframe of months, not years. The statement encouraged leaders to prioritize cyber resilience and foundational cybersecurity practices and controls.
Poirier described AI as a “double-edged sword,” given the speed and proliferation of offensive and defensive capabilities. “AI can be very good at finding vulnerabilities so that you can patch them,” she said. “But at the same time, you’re not going to be able to patch everything on the satellite. … So, you have to focus on patching the most critical and most likely to be exploited vulnerabilities.”
Even if companies use AI to discover vulnerabilities, most do not have the resources or time to test solutions, deploy them, ensure compatibility, and secure against downtime. “We have to kind of give up on the fact that patching and prevention is the top priority because the current toolset in use by the attackers has taken that away from us,” said Laudermilch. The focus now is shifting to containment and detection, rather than prevention, he said, because new AI models “will generate zero-days a dime a dozen.”
Networks Remain Vulnerable
AI has changed the tempo of the threat, but the attack vectors remain largely unchanged. Within the satellite network, the ground segment and IT environments remain the most vulnerable. Identity and access management, cloud infrastructure, as well as third-party supply chains are all sources of potential compromise that experts say should be defended through supply chain visibility, Zero-Trust architectures, role-based access controls, and organization-wide security awareness training.
The spacecraft itself has remained a more difficult target. However, new government initiatives are highlighting the risks of on-orbit cyberattacks. As part of its efforts to protect space-dependent critical infrastructure, the U.S. Department of Homeland Security Science and Technology Directorate (DHS S&T) recently released research to support onboard threat detection and countermeasures.
Poirier noted that there are almost never reports of incidents where the space segment is the entry point of an attack, though that may change with onboard detection.
“It’s a bit of a chicken and egg problem, where do we not see attacks onboard because there are none,” she asked. “Or is it just that there are attacks against the space segment but we don’t see them because we don’t have data?”
It is much easier to compromise a spacecraft through human users or system vulnerabilities, said Laudermilch. “If your intent is to disable an automobile, would you spend all the time to hack the computer that controls everything or would you just put a knife in the tire?”
The webinar on evolving satellite cybersecurity risks was part of an ongoing discussion leading up to CyberSat, taking place November 3-5 in Reston, Virginia.