New research reports more than 237 cyber operations targeting space systems from 2023–2025.
A new assessment warns that cyber actors now threaten satellites and communications networks.
It states that 237 operations struck the space sector between January 2023 and July 2025 during the Gaza conflict.
Researchers at the Center for Security Studies (CSS) at ETH Zürich compiled social media posts, news reports, and cybercrime-forum data.
They gathered information about attacks on Israeli space assets and international agencies.
Analysts observed the most dramatic surge during the Israel–Iran escalation in June 2025.
Threat actors launched 72 operations that month.
This total made up nearly one-third of all recorded incidents, according to author Clémence Poirier.
The report states that cyber activity against space systems now follows a broader wartime pattern.
It compares the trend to operations documented during Russia’s latest invasion of Ukraine.
Researchers identified all but one threat actor as pro-Palestinian groups.
The study notes that Hamas lacks satellites or space systems over Gaza.
It proposes that pro-Israeli groups may have executed covert operations.
Tactics Used Against Space-Linked Organizations
Ten attacks struck in October after Hamas carried out its armed incursion on 7 October 2023.
These operations hit organisations such as the Israel Space Agency (ISA) and the defence firm Rafael.
The report states that the escalation surprised hacktivists worldwide.
It explains that they needed time to coordinate and select targets.
Hacktivists eventually attacked 77 space-related organisations or companies during the Gaza conflict.
Rafael, Elbit Systems, and the ISA faced the largest number of incidents.
International bodies, including NASA, also appeared on target lists.
The report clarifies that most attackers focused on aerospace and defence firms because they produce military hardware.
They did not select them solely for their space activities.
More than 70 per cent of space-related cyber operations used denial-of-service (DDoS) attacks.
These attacks overwhelm networks with traffic until systems fail.
Attackers use DDoS tools quickly and with limited technical skill.
The report adds that actors often use DDoS attacks to distract from deeper intrusions.
Other operations involved data leaks, intrusions, and breaches.
Some actors timed leaks or sales of data to major conflict events.
The study admits difficulty verifying these claims and warns of possible fabrication.
It concludes that manual open-source analysis revealed many incidents.
It suggests that the real volume of activity is likely much larger.
Expanding Patterns of Conflict in Orbit
The largest surge occurred when Israel and Iran attacked each other for 12 days in June 2025.
Threat actors launched 72 operations during that period.
Pro-Palestinian and pro-Iranian groups targeted Israel simultaneously.
The report states that the two conflicts shaped each other politically, militarily, and rhetorically.
It notes that actors in one arena often operated in the other.
Hacktivists reused methods from earlier conflicts and applied them to the Gaza conflict.
A 2023 DDoS attack by the “Cyber Army of Palestine” on the ISA used code similar to that of the IT Army of Ukraine.
Most incidents caused limited physical or operational damage.
However, the report states that the pattern signals the trajectory of space-focused cyber conflict.
The authors argue that cyber operations against space infrastructure now appear as consistent features of modern warfare.
They attribute this trend to hacktivist interest in striking space-related entities.
The study calls for dedicated cyber strategies to safeguard space systems from future attacks.
