Space Attacks Open Database Project

 194 total views,  10 views today

In part of the Space Cybersecurity Open Project, we publish below a Space Attacks Open Database. This first version is the result of the work of several researchers :

  • Jason Fritz, author of « SATELLITE HACKING: A Guide for the Perplexed« .
  • Mark Manulis, R. Harrison & Venkkatesh Sekar (Surrey Centre for Cyber Security, University of Surrey, Guildford, UK), Christopher P. Bridges (Surrey Space Centre, University of Surrey, Guildford, UK) and Andy Davis (NCC Group, Manchester, UK), authors of « Cyber Security in New Space« , within which we can find a link to an electronic supplementary material that contains a list of Space Attacks.

I have to mention Prof. Gregory Falco (Cybersecurity Research Fellow, Harvard University; Research Scholar, Stanford University; Research Affiliate, MIT) and one of his student but also Harrison Caudill and Jim Volp from OSA (Orbital Security Alliance) who are working hard on a such Database.

Our goal is to reference the latest known Space Attacks in order to maintain an up to date Database with the contribution of the Community.

If you want to contribute to this project or if you want to inform us about new space attacks, contact us with the following form.

Some terms explanation

  • Computer network exploitation (CNE) is a technique through which computer networks are used to infiltrate target computers’ networks to extract and gather intelligence data. It enables the exploitation of the individual computers and computer networks of an external organization or country in order to collect any sensitive or confidential data, which is typically kept hidden and protected from the general public.
  • Hijack attack, in communication, is a form of active wiretapping in which the attacker seizes control of a previously established communication association.
  • Jamming is a form of electronic anti-satellite (ASAT) attack that interferes with communications traveling to and from a satellite by emitting noise of the same radio frequency (RF) within the field of view of the satellite’s antennas
  • The term « eavesdropping » is used to refer to the interception of communication between two parties by a malicious third party.
DateType of AttackSegmentTargetType of TargetOriginImpactIntentReferences 
1977HijackingData CommsITM new broadcast (audio)CommercialUnknownAudio was replaced by one which warned humankind’s current path would lead to a bad futureWarning[1]
1985HijackingData CommsState-run television broadcasts in TorunGovernmentAcademicsSuperimposed political messages onto TV broadcastsPolitical[2]
1986HijackingGround SegmentHome Box Office (HBO) satellite TV network - Galaxy 1 satelliteCommercialSingle insiderDisrupted uplink and displayed messages for 4 to 5 minutes of HBO on US East coastWarning[3]
1987HijackingData CommsPlayBoy ChannelCommercialInsider from Christian Broadcasting NetworkSignal was hijacked/jammed – character generator and transmitter at CBN matched the tape recording of the jammingWarning[1]
1987HijackingData CommsChicago-based TV broadcastsCommercialUnknownMax Headroom impersonator hijacked TV signals for two chicago-based stations.Unknown[1]
1995JammingData CommsKurdish satellite TV channel MED-TVCommercialTurkeyTransmissions of MED-TV from the Eutelsat satellite were jammed intentionally as it was believed to be a ``mouthpiece" for terrorist groups.Political[1]
1997JammingData CommsCommunication satellite APSTAR-1AGovernmentIndonesiaIndonesian satellite transmitted interference to jam APSTAR-1A due to its use of a disputed orbital slot citePolitical[1,4]
1997CNEGround SegmentNASAGovernmentUnknownCyber attack on NASA’s Goddard Space Flight Centre – able to control computers which designed and tested command and control codes, and then transferred information overseasState Espionage[1]
1998ControlSpace SegmentUS-German ROSAT satelliteGovernmentRussia (allegedly)Satellite turned towards the sun, damaging itself and rendering itself useless. Linked (tenuously) to a intrusion at the Goddard Space Flight Centre. Could have also been a malfunction?Unknown[1]
1998CNEGround SegmentPentagon networkGovernment, MilitaryHacking Group Masters of DownloadingHacking group claimed to have stolen satellite control software from Pentagon network – Pentagon denies this but revealed that a less secure network containing sensitive information had been breached. Also the group was considering “selling the information to international terrorist groups or foreign governments”Criminal- selling information on for esp/terrorism[1]
1998Denial of Service (Accidental)Space SegmentPANAMSAT Galaxy 4 satCommercialN/A AccidentalOn-board processor anomaly disabled 80-90% of pagers across US for 2-4 days, blocked credit card transactions.Accident[1]
2000JammingData CommsBritish and US military tanksMilitaryFrench Security AgencyGPS navigation signals used in British and US military tanks were jammed in tank trial for the Greek army. intended to make US and British tanks look inferior to others so that Grecian military chose other tanks.State Espionage[1,5]
2001CNEGround SegmentNASA facilitiesGovernmentBritish Hacker Gary MckinnonExploited default credentials to gain access to networks at five NASA facilitiesHack and Leak[6]
2002HijackingData CommsChinese satellite TV broadcastsCommercialFalun Gong cult“Television signals illegally broadcast by the Falun Gong cult cut into transmissions using the Sino Satellite (SINOSAT) from June 23 to 30, blocking the World Cup finals for viewers in some rural and remote areas in China.”Political[7]
2002CNEGround SegmentMarshall Space Flight CenterGovernmentChina (suspected)Intruder was able to penetrate into the network and steal design of rocket enginesState Espionage[1]
2002JammingData CommsAccidental- civilian GPSCivilianPoorly installed CCTV camera by man from DouglasAccidental interference from poorly installed CCTV camera blocked GPS signals within a kilometre.Accident[8]
2002EavesdroppingData CommsNATO surveillanceMilitaryRadio AmateurRadio Amateur from England was able to eavesdrop on satellite signals from NATO surveillance flightsResearch[9]
2003JammingData CommsTelstar 12 satellite TV transmissionsCivilianIran and CubaUS-sponsered news transmissions by the Telstar 12 satellite into Iran were disrupted by a Cuban electronic-intelligence facilityPolitical[10]
2004HijackingData CommsChinese satellite TV broadcastsCommercialFalun Gong cult“On Saturday evening, television programmes promoting Falun Gong appeared on the feed beamed into China from a satellite owned by the Hong Kong company AsiaSat.”Political[11]
2005JammingData CommsSatellite radio station ``Sout Libya" uplinks to the Eutelsat HotBird and Telstar 12 satellitesCivilianLibyan GovernmentWithin minutes of the Sout Libya radio station broadcasting, the Libyan government jammed the radio station's signal with a high-powered one. This jamming also affected many British and European TV and radio station and is alleged to have disrupted American communications as well. Same behaviour observed when Sout Libya changed satellite provider cite.Political[12]
2005CNEGround SegmentKennedy Space Center’s Vehicle Assembly Building, NASA satellite control complex in Maryland, Johnson Space Center in HoustonGovernmentTaiwan (suspected)Malware gathered data from computers in the VAB, then spread to other networks in Maryland and Houston. 20 GB of compressed data was sent to TaiwanState Espionage[1]
2005JammingData CommsTelecom satellitesCommercial, Government, MilitaryLibyan GovernmentDisrupted signal for several TV and radio stations which served Britain and Europe and American diplomatic, military and FBI commsPolitical[1]
2006HijackingData CommsAl Manar TV stationCommercialIsrael (state-sponsored)Disrupted transmission to broadcast ant-Hezbollah propagandaPolitical[1]
2006JammingData CommsThuraya mobile sat commsCommercialLibyan nationalsSignals jammed for six months, in an attempt to disrupt smuggling operations which used the Thuraya sat phonesStop criminal activity[1]
2006Phishing/CNEGround SegmentNASA employeesGovernmentUnknownNASA officials opened an email and clicked on a link which then infected and compromised workstations at their Washington headquarters. This allowed access to files containing cutting-edge satellite researchState Espionage[1]
2007HijackingData CommsSatellite TV broadcast(Intelsat satellite vacant Ku-band transponder)CommercialLiberation Tigers of Tamil Eelam (LTTE)Illegal broadcast of Tamil Tigers (LTTE) propagandaPolitical[1]
2007Internet HijackingData CommsEnd users of government, military, research and pharmaceutical organizationsMilitary, Civilian, Government, CommercialRusssian Turla Hacking group“exploiting the vulnerability of asynchronous satellite internet connections to sniff traffic, distilling the IP addresses of satellite subscribers. All the attackers need then is to set up their servers with the same IPs, configure these addresses into their malware and, after a successful infection,wait for its call for C&C”Criminal[13]
2007HijackingGround SegmentCzech TV programmeCommercialUnknownCamera;s which usually show imagery of Prague and other locations, one had a feed tampered with onsite and video stream was replaced.(Video showed CGI of small nuclear explosion and white noise)Warning[1]
2007HijackingData CommsWJLA’s digital/HD signalsCommercialN/A AccidentalGrainy photo interrupted signals for two hours. Originally thought to be signal intrusion, was confirmed to be result of a malfunctioning HDTV encoderAccident[1]
2007CNEGround SegmentGoddard Space Flight CenterGovernmentUnknownAttack affected networks which processed data from the Earth Observing systemState Espionage[1]
2007JammingSpace SegmentLandsat-7GovernmentUnknownSatellite “experienced 12 or more minutes of interference”Unknown[14]
2007CNESpace SegmentISS computersGovernmentCompromised laptop brought on by Russian astronautUnknown- virus was designed to steal credentials for popular games and send back to central server. SpaceRef:”Virus was never a threat to any of the computers used for cmd and cntl and no adverse effect on ISS Ops.” Also brought to light than no AV measures were present and that windows XP was still in use in the systems, which prompted use of Linux.Accident[15,16]
2007ASAT IncidentSpace SegmentChinese weather satelliteGovernmentChinaAnti-satellite test with kinetic kill weapon destroyed defunct chinese weather satellite and created vast amounts of space debrisSatellite destruction[17,18]
2008ControlUnknown (but Ground is hypothesised)Terra EOS AM-1 satelliteGovernmentUnknownSatellite experienced several minutes of interference and the capability for the attacker to command was achieved but no commands were given. This occurred twice in 2008, in June, then again in October. Report states that commercially operated ground stations may have been weak point, however KSAT deny thisState Espionage[1,14]
2008ControlUnknown (but Ground is hypothesised)Terra EOS AM-1 satelliteGovernmentUnknownSatellite experienced several minutes of interference and the capability for the attacker to command was achieved but no commands were given. This occurred twice in 2008, in June, then again in October.State Espionage[1,14]
2008ControlSpace Segment, Ground SegmentInternational Space StationGovernmentUnknownA trojan horse infected the Johnson Space Centre's computers which provide an uplink to the ISS to attackers, disrupting several systems on board. This was aided by the out-of-date software in use onboard the ISSState Espionage[1]
2008JammingData CommsLandsat-7GovernmentUnknownSatellite “experienced 12 or more minutes of interference. The responsible party did not achieve all steps required to command the satellite”Unknown[1,14]
2008ASAT IncidentSpace SegmentUSA-193 recon satelliteMilitaryUSAUSA-193 satellite failed shortly after launch in 2006. US military confirmed they had shot it down with a missile to destroy itSatellite destruction[19]
2009HijackingData CommsUS Navy communication satellite frequenciesMilitaryVarious- university professors, electricians, truckers and farmersHijack of frequencies for personal CB radio usePersonal use[1]
2009EavesdroppingData CommsUS Military Predator DronesMilitaryIraqi Shi'a militia groupInsurgents captured unencrypted live video feeds from US military unmanned aircraft using a commercial software tool named SkyGrabberState Espionage[1]
2010Denial of Service (Accidental)Ground SegmentAccidental – GPS receiversCivilian, MilitaryGPS software updatesoftware update to gps ground segment caused a denial of service , impacting several thousand receiversAccident[8,20]
2010JammingData CommsPersian-language satellite broadcastsCommercialIranian sourceIntentional jamming of broadcasts of BBC, Deutsche Welle and EutelsatPolitical[1]
2011JammingData CommsLuaLua TV (Bahrani current affairs network)Commercial, Civilian, GovernmentWithin BahrainJammed for four hours after first transmissionPolitical[1,21]
2011JammingData CommsThuraya satellitesCommercialLibyan nationalsSignals jammed for six months, in an attempt to disrupt smuggling operations which used the Thuraya sat phonesStop criminal activity[1]
2011JammingData CommsEthiopian Sat TV (ESAT)CommercialEthiopian & Chinese GovernmentsJammed ESAT signals by 2 governmentsPolitical[1]
2011CNEGround SegmentJPLGovernmentChinese IPsAttack on JPL network, compromising credentials of employees, able to modify, add, delete files and users, full control over these networks. Another 46 APT attacks were reported, with 13 successfully compromising agency computers.State Espionage[22]This plus another 13 successful attacks for NASA systems in 2011.
2011Theft/LossGround SegmentNASA unencrypted laptopsGovernmentUnknownDisclosure of algorithms used to command ISS. Another 47 mobile computing devices reported lost or stolen between 2009 and 2011.State Espionage[22]This plus another 47 incidents between 2009 and 2011
2011CNEGround SegmentEuropean Space AgencyGovernmentHacker TinKodePosted screenshots of admin, FTP, network management credentials on internet mailing listHack and Leak[23]
2012JammingData CommsEritrean state-run sat TVGovernmentEthiopian Government (accused)Blocked transmissionsPolitical[1]
2012Denial of ServiceGround SegmentBBC Persia satellite feeds and phone linesCommercialIran (suspected)“suffered attempts to jam BBC Persian phone lines in London and a "sophisticated cyber-attack" on its systems.”Political[24]
2013JammingData CommsGPS receiver in Limo (civilian GPS)CivilianAmerican Limo driverDriver installed an illegal GPS jammer in his car to thwart the tracker in his car. Ended up jamming signals in s GPS-guidance system at Newark AirportPersonal use[25]
2013JammingData CommsAl-Jazeera Egyptian broadcastsGovernment (state-run media outlet)Unknown but reported to have originated from outside CairoJamming of Al-Jezeera egyptian TV signalsPolitical[26]
2013SpoofingData CommsGPS navigtaion system in a yachtCivilianResearchers“ "proof-of-concept" attack was successfully performed in June, 2013, when the luxury yacht White Rose of Drachs was misdirected with spoofed GPS signals...which altered the course of the yacht”.Research[27]
2014JammingData CommsARABSAT TV downlinksCommercialEthiopian SourceJammed signals which disturbed many TV channels- Arabsat speculated that it may be accidental and jammers were targeting nearby satellites as Arabsat doesn’t broadcast in Ethopia or Eritrea.Political[28]
2014CNEGround SegmentGermany’s space research centre in CologneGovernmentUnknown but state-level cyber actorsSuffered an intrusion, “malware on machines used by researchers and sysadmins”State Espionage[29]
2014CNEGround SegmentNational Oceanic and Atmospheric AdministrationGovernmentChina (suspected)Four websites were hacked, government was forced to shut down services, however purpose/impact of the attack was not made publicState Espionage[30,31]
2014HijackingData CommsIsreali Channel 10 broadcastsCommercialAl-Qassam Brigades (Hamas)Took over satellite feed to broadcast propagandaPolitical[32]
2015EavesdroppingData CommsIridium communications constellationCommercialSecurity ResearchersIridium satellite constellation communications were analysed and decoded to reveal clear text pager informationResearch[33]
2015CNEGround SegmentESA website and usersGovernmentHacking group AnonymousPublished database schema of ESA website, with info relating to users, collaboraters and subscribersHack and Leak[34]
2015CNEGround SegmentNASAGovernmentHacking collective AnonsecAnonsec “bought access to an agency computer from another hacker.” and then used it to pivot into network. Published 250 GB dump of data.Hack and Leak[35]
2016Phishing/CNEGround SegmentAerospace companiesCommercial, GovernmentAPT28 hacking group (sponsored by Russian intelligenceattackers used “a phishing email to lure the user into downloading a file that looks like a PDF but instead is malicious executable code”. Contained trojan.State Espionage & Corporate Espionage[36,37]
2016HijackingData CommsIsraeli Channel 2 broadcastCommercialHamasbroadcast was “suddenly interrupted, and TV screens filled instead with images and messages of incitement from Hamas, which warned of fresh terror attacks.”Political[38]
2017SpoofingData CommsShips in Black SeaCivilianRussia (allegedly)Maritime navigation systems onboard several vessels reported incorrect ship locations from false GPS signals. ““trying to trigger UAV geo-fencing, which prevents UAVs from flying near airports”Geo-fencing[39]
2017JammingData CommsAccidental- civilian GPSCivilianGPS jammer in parked carDriver in France left an operational GPS jammer in his car which was parked at Nantes airport – interfered with aircraft tracking systemsPersonal use[40]
2017CNE/PhishingGround SegmentAerospace companiesCommercial, MilitaryAPT33 group (iran)Phishing emails sent into aerospace companies to download trojan backdoor.State Espionage & Corporate Espionage[41]
2017HijackingData CommsLibyan Television broadcatsCommercialGaddafistsBroadcasts were interrupted by GaddafistsPolitical[42]
2017SpoofingData CommsGPS time spoofing for TOTP authentication methodCivilianResearchersAble to spoof GPS timing in an air-gapped network to bypass TOTP authenticationResearch[43]
2018CNEGround SegmentSatellite OperatorCommercialComputers in China, Thrip group“looking for and infecting computers running software that monitors and controls satellites” to potentially disrupt satellite operationsCorporate Espionage[44]
2018CNEGround SegmentNASAGovernmentUnknown“According to an internal memo circulated among staff on Tuesday, in mid-October the US space agency investigated whether or not two of its machines holding employee records had been compromised, and discovered one of them may have been infiltrated by miscreants. It was further feared that this sensitive personal data had been siphoned from the hijacked server.”State Espionage[45,46]
2019ASAT IncidentSpace SegmentMicrosat-R military satelliteMilitaryIndiaMicrosat-R test satellite was destroyed in LEO by ASAT weaponSatellite destruction[47]

Find below all references

1 Fritz, J.: Satellite Hacking: A Guide for the Perplexed. In: Culture Mandala: Bulletin of the Centre for East-West Cultural and Economic Studies, Vol. 10, No. 1, December 2012-May 2013, pp21-50
2 Hanasz, J.: Telewizja ,,Solidarność » Toruń 1985 r. Url: (archive) Accessed: 08/07/2019
3 SiGNaLToNoiSe.Net: The Story of Captain Midnight. Url: (archive) Accessed 08/07/2019
4 United States General Accounting Office: Critical Infrastructure Protection Commercial Satellite Security Should Be More Fully Addressed. In: Report to the Ranking Minority Member, Permanent Subcommittee on Investigations, Committee on Governmental Affairs, U.S. Senate. 2002
5  Lt. Col. Adams, T. K.: 10 GPS Vulnerabilities Url: Accessed 08/07/2019
6 Gary McKinnon profile: Autistic ‘hacker’ who started writing computer programs at 14 Url: Accessed 08/07/2019
7 Embassy of the People’s Republic of China in the United States of America: Chinese satellite TV hijacked by Falun Gong cult (07/08/02) Url: Accessed 08/07/2019
8 The Royal Academy of Engineering: Global NavigationSpace Systems:reliance and vulnerabilities Url: March 2011 Accessed 08/07/2019
9 Urban, M.: Enthusiast watches Nato spy pictures Url: June 2002 Accessed 08/07/2019
10 Waller J. M.: Iran and Cuba Zap U.S. Satellites In: Insight Magazine Url: August 2003 Accessed 08/07/2019
11 Hogg, C.:HK probes Falun Gong ‘hacking’  Url: November 2004 Accessed 08/07/2019
12 BBC News: Libya jamming ‘exposed vulnerability’ Url: January 2006 Accessed 08/07/2019
13 Kaspersky: Turla Hiding in the Sky Threat Announcement Url: Accessed 08/07/2019
14 2011 Report to Congress of the U.S.-CHINA Economic and Security Review Url: Accessed 08/07/2019
15 BBC News: Computer viruses make it to orbit Url: August 2008 Accessed 08/07/2019
16 Cowing, K.: NASA Discovers Computer Virus Aboard the International Space Station Url: Accessed 08/07/2019
17 Nicholson, B.: World fury at satellite destruction Url: Accessed 08/07/2019
18 Center for Space Policy and Strategy: Space Traffic Management in the Age of New Space Url: Accessed 08/07/2019
19 US shoots down rogue satellite Url:,,2-10-1462_2274693,00.html (archive) Feb 2008 Accessed 08/07/2019
20 Ferrazzani, M. and Zilioli, I.: ESA facing Cyber Security Concerns In: EUSpace Jean Monnet Module 2018 Url: Accessed 08/07/2019
21 Atkinson, S.:Bahrain TV station struggles as signal blocked Url: November 2011 Accessed 08/07/2019
22 Martin, P. K.:NASA Cybersecurity:  An Examination of the Agency’s Information Security In: Testimony before the Subcommittee on Investigations and Oversight,  House Committee on Science, Space, and Technology February 2012 Url: Accessed 08/07/2019
23 Leyden, J.: Royal Navy hacker claims to have broken into space agency site Url: Accessed 08/07/2019
24 Halliday, J.: BBC fears Iranian cyber-attack over its Persian TV service Url: March 2012 Accessed 09/07/2019
25 CBE New York: N.J. Man In A Jam, After Illegal GPS Device Interferes With Newark Liberty Operations Url: August 2013 Accessed 09/07/2019
26 O’Carroll, L.: Al-Jazeera: jamming traced to sites near Egyptian military bases Url: September 2013 Accessed 09/07/2019
27 The University of Texas at Austin: UT Austin Researchers Spoof Superyacht at Sea Url: July 2013 Accessed 09/07/2019
28 Arabsat is subject to Jamming and its Engineers succeed in locating its source Url: May 2014 Accessed 09/07/2019
29 Muncaster, P.:German space centre endures cyber attack Url: April 2014 Accessed 09/07/2019
30 Pagliery, J.: U.S. weather system hacked, affecting satellites Url: December 2014 Accessed 09/07/2019
31 Flaherty, M.P. and Samenow, J. and Rein, L.: Chinese hack U.S. weather systems, satellite network Url: November 2014 Accessed 09/07/2019
32 Leyden, J.: Hamas hacks Israeli TV sat channel to broadcast pics of Gaza wounded Url: July 2014 Accessed 09/07/2019
33 Sec and schneider:Iridium Hacking: please don’t sue us In:Chaos Communication Camp 2015
34 Storm, D.:Attackers hack European Space Agency, leak thousands of credentials ‘for the lulz’ Url: December 2014 Accessed 09/07/2019
35 Thomson, I.:Hackers mirror 250GB of NASA files on the web Url: February 2016 Accessed 09/07/2019
36 Cyber Defence Magazine: Fancy Bear Hackers use a new Mac Trojan against aerospace industry Url: September 2016 Accessed 09/07/2019
37 Jackson Higgins, A.:Russian ‘Fancy Bear’ Hackers Hit Mac OS X With New Trojan Url: September 2016 Accessed 09/07/2019
38 The Times of Israel: Hamas hacks into Israeli TV and threatens: ‘Terror will never end’ Url: March 2016 Accessed 09/07/2019
39 Leid, H.:GPS freaking out? Maybe you’re too close to Putin Url: September 2017 Accessed 09/07/2019
40 Resilient Navigation and Timing Foundation: GPS Jammer Delays Flights in France Url: September 2017 Accessed 09/07/2019
41 O’Leary,J. and Kimble, J. and Vanderlee, K. and Fraser, N.:Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to Destructive Malware Url: September 2017 Accessed 09/07/2019
42 The American Gaddafist: Gaddafists Hack Libyan TV Signal March 5, 2017: Accessed 09/07/2019
43 Robinson, D.: Using GPS Spoofing to control time In: DEFCON 25 July 2017 Url: Accessed 09/07/2019
44 Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies Url: June 2018 Accessed 09/07/2019
45 Williams, C: Houston, we’ve had a problem: NASA fears internal server hacked, staff personal info swiped by miscreants Url: December 2018 Accessed 09/07/2019
46 Potential Personally Identifiable Information (PII ) Compromise of NASA Servers Url: December 2018 Accessed 09/07/2019
47 Anantha Krishnan M:Explained Mission Shakti Url: March 2019 Accessed 08/07/2019