The Center for Strategic & International Studies (CSIS) has released the 2025 Space Threat Assessment, noting that the authors find it increasingly difficult to track the year-over-year number of cyberattacks targeting space systems. Though their numbers differ, some organizations try to keep tallies of cyberattacks by the type of entity and sector targeted, among other criteria.
According to the European Repository of Cyber Incidents (ERCI), a free database containing reports of worldwide cyberattacks, there were about 720 reported incidents across all sectors in 2024, with roughly 57 percent of incidents targeting critical infrastructure. Of that total number, the ERCI data disclosed that the database lists five attacks as specifically targeting the space sector in 2024, approximately the same number of attacks that targeted the space sector in 2023.
The report acknowledges that, consistent with trends noted in previous years, there has been no shortage of cyberattacks targeting government, critical infrastructure, and other sectors, including space, over the past year. However, accurately tallying and characterizing key aspects of these attacks, such as the attackers’ motivations and objectives, remains a significant challenge. In many cases, the discovery of a persistent cyber threat actor within a network does not reveal their true intentions, leaving critical questions about the actual target and purpose of the attack unanswered.
The 2025 Space Threat Assessment report notes that over the past year, concerning trends have largely continued rather than new developments emerging. Notably, there has been widespread jamming and spoofing of GPS signals in conflict zones, particularly in and around Russia and across the Middle East. Additionally, Chinese and Russian satellites in low Earth orbit (LEO) and geostationary Earth orbit (GEO) are exhibiting increasingly advanced maneuvering capabilities. These capabilities demonstrate operator proficiency and the use of tactics, techniques, and procedures that could be employed in space warfare, raising alarms among U.S. and allied officials.
Additionally, U.S. companies providing a commercial space service to government users, particularly defense and military ones, remain squarely in the crosshairs of nation states, with Russia in particular vocal about its intention to consider commercial assets used by the U.S. military as legitimate targets.
Clayton Swope, Kari A. Bingen, Makena Young, and Kendra LaFave noted in the report that no information publicly surfaced revealing how close Russia might be to launching a nuclear anti-satellite capability, though the U.S. and its international partners remain concerned that Russia could decide to deploy such a weapon.
Although the 2025 Space Threat Assessment report has not traditionally addressed U.S. counterspace capabilities, it would be difficult to assess the global counterspace landscape without noting the evolving U.S. posture toward space weapons and operations. In response to China’s rapid expansion of military space capabilities across all orbital regimes, senior U.S. Space Force leaders have repeatedly emphasized over the past year that the U.S. is prepared to conduct both offensive and defensive space operations and intends to field additional counterspace capabilities.
Similarly, while this report does not usually cover unintentional debris creation in orbit, this year’s assessment includes a discussion of the latent risks posed to space operations by accidental debris-generating events.
A recurring theme throughout this year’s report is the evolving role of space in future warfare. As space becomes increasingly normalized as a military operational domain, its integral role in joint operations makes it a legitimate target during conflict. Future wars will be fought in, through, and from space, with the potential for disruption and destruction in orbit on a scale comparable to that experienced on Earth during major conflicts.
Counterspace threats should therefore be understood within the broader context of adversary efforts to degrade the ability of the U.S. and its allies to fight, win wars, and maintain economic stability and daily life, not merely as attempts to disable individual space assets. Overall, space is becoming an increasingly contested and hazardous domain, deeply intertwined with both peacetime and wartime activities.
The 2025 Space Threat Assessment report said that counterspace weapons includes any offensive activity in cyberspace that targets space systems, including ground infrastructure, satellite terminals, space ports, and spacecraft. “Cyber operations can destroy or permanently disable a targeted system, although they can also be used to temporarily disrupt it or to conduct espionage, including gaining access to proprietary or sensitive technical information on a target network.”
The 2025 Space Threat Assessment report identified that this past year also saw the growth of commercial and military dual-use technologies that could be modified to serve a counterspace purpose. Companies working on in-space servicing and debris removal reached important milestones, demonstrating their ability to conduct rendezvous, proximity, and docking operations, techniques that could be used by anti-satellite weapons.
The behaviors of commercial satellites pursuing in-space servicing, inspection, debris removal, and other business use cases could easily be confused with counterspace operations, creating risks of misunderstandings and possibly unintended escalations in a crisis.
The report observed that Beijing’s actions over the last year point to an ever-increasing of space. Since the publication of the last threat report, continuing past trends, China has demonstrated dual-use, highly maneuverable satellites in orbit, and the tendency to maneuver and use fuel seemingly without regret. These activities point to growing operator proficiency and maturing space tactics, techniques, and procedures. Beijing also reorganized its armed forces, creating a specific force oriented around space operations.
“Though China has continued its aggressive cyber operations, few seem to specifically target space systems,” according to the 2025 Space Threat Assessment report. “Additionally, PRC officials and academics are more willing to publicly criticize U.S. behaviors in space, pointing to examples of where they claim the United States engages in the same space activities for which it criticizes China. Over the last year, the most concerning development to U.S. observers should be the launch and operation of increasingly advanced Chinese satellites.”
China continues to launch and operate highly maneuverable satellites, demonstrating an advanced level of technological and operational acumen that, if not already deployed for such purposes, could enable a formidable on-orbit counterspace arsenal.
Through the use of these satellites, Chinese operators are gaining experience in developing tactics and procedures that can be used for space warfighting, to include both defensive and offensive advanced space operations. Additionally, China is dramatically increasing its space launch capability, with several commercial providers coming online in the next few years.
The 2025 Space Threat Assessment report noted that each year, the PRC is launching more and more satellites, making characterization of those satellites more challenging year after year.
Throughout the past year, Russia has engaged in several provocative counterspace activities, in addition to allegedly working on a nuclear space-based anti-satellite weapon, according to revelations that first surfaced in February 2024. Last May, the U.S. accused Russia of launching a counterspace weapon, assessing it had ‘characteristics resembling previously deployed counterspace payloads’ in 2019 and 2022. Not long after launch, the Russian satellite, designated Cosmos 2576, proceeded to enter into a coplanar orbit with a U.S. government satellite, USA 314, maneuvers the U.S. government justifiably viewed with concern, as such actions could signal the positioning of a counterspace weapon.
As of late February, Cosmos 2576 was no longer operating in a synchronized orbit with USA 314, having begun maneuvers to raise its orbit in mid-February, possibly coinciding with the thaw in U.S.-Russian relations. In February, Russia launched Cosmos 2581, Cosmos 2582, and Cosmos 2583, acknowledged by Moscow as belonging to the Ministry of Defense, but little else is publicly known about their mission. Since then, Cosmos 2581 and Cosmos 2582 have moved in formation, coming as close as 100 meters apart on March 5, 2025—by any measure, a very close approach for two satellites.
The 2025 Space Threat Assessment report said that though Cosmos 2583 has yet to maneuver since reaching orbit, it did pass as close as 0.5 km to Cosmos 2581 and Cosmos 2582 on March 7, 2025. Additionally, as it has done since its launch in August 2022, Cosmos 2558, a satellite that the U.S. Space Force asserts is also a counter-space weapon, remained in a coplanar orbit with USA 326.
The report added that in addition to its counterspace efforts in space, Russia engages in jamming and spoofing GPS signals on Earth. Russian efforts to interfere with GPS signals stretch from the Baltic and Nordic nations, through Ukraine and Russia itself, to countries in the Black Sea region. Though efforts to jam and spoof GPS in Ukraine, including around Crimea in the Black Sea, have been ongoing since the start of the war, those efforts mushroomed to include many other regions in mid-2024.
“While it is difficult to point to a clear explanation for Russia’s interest in jamming and spoofing GPS signals across these regions, the growth of GPS interference in Russia itself is a response to Ukrainian attacks on Russia using GPS-guided drones and missiles as point defense,” the 2025 Space Threat Assessment report detailed. “Russia has also tried to interfere with Ukrainian television broadcasts from satellites, including attempting to jam signals from one of the Amos satellites in August 2024. “
As it has done in prior years, Russia threatened the private sector for supporting the U.S. national security mission in space. In March 2024, a spokesperson for Russia’s Ministry of Foreign Affairs said that Russia is ‘aware of Washington’s efforts to attract the private sector to serve its military space ambitions,’ and that such systems ‘become a legitimate target for retaliatory measures, including military ones.’
Russia also complained during the UN General Assembly in October 2024 that the U.S. and its allies use civilian and commercial space infrastructure for military purposes, arguing that such activities jeopardize the peaceful use of space.
Last July, the FBI and other partners issued a joint cybersecurity advisory warning of North Korean cyber espionage activities targeting defense, aerospace, nuclear, and engineering entities around the globe to advance North Korea’s military and nuclear capabilities. Mandiant identified a cyber threat group in June 2024 with probable ties to North Korea that conducted phishing attacks pretending to be from an energy company and aerospace industry entity while targeting other entities in those sectors.
The 2025 Space Threat Assessment report detailed that Iran has pursued cyberattacks against aerospace and satellite infrastructure, among other targets, over the last year. Microsoft and Palo Alto Networks published reports in March and August 2024, respectively, that provided more details on the Peach Sandstorm incidents. Both reports assessed that this cyber campaign was directed by the Iranian Islamic Revolutionary Guard Corps as part of ongoing efforts to gather intelligence and conduct social engineering attacks.
According to Microsoft, this same Iranian cyber threat actor has conducted prior attacks targeting the aerospace, construction, defense, education, energy, financial services, healthcare, government, satellite, and communications sectors in multiple countries. In February 2024, Mandiant reported on malicious cyber activity aimed at espionage, linked to Iran’s Islamic Revolutionary Guard Corps that targeted the aerospace and defense sectors in the Middle East and possibly Turkey, India, and Albania.
The 2025 Space Threat Assessment report highlighted that because some cyberattacks are only made public by the attackers with no confirmation from the victim organization, it can be difficult to understand the full impact of hacks or even know for certain whether an attack took place. “Frequently, hackers publicly post screenshots or other evidence of a successful cyber exploit, to demonstrate data theft, to claim credit for the hack, or in the case of ransomware attacks, to pressure victims to comply with financial demands.”
But hackers, particularly ones motivated by geopolitical or ideological aims, could also theoretically claim credit for attacks that never took place or exaggerate the scope of their exploits for propaganda purposes.
Last August, the CSIS published a report that identified the significance of undersea cables and why they matter. It also explored the vulnerability of cable systems and the potential for Chinese exploitation, and Russian threats to undersea infrastructure. The CSIS report also prescribes recommendations to counter undersea great power competition.
