European security officials believe two Russian satellites likely approached 17 key connectivity satellites in geo orbit launched by Europe over the past three years. For telecoms operators and wholesale carriers relying on satellite backhaul, this exposes infrastructure previously considered secure to new physical and cyber risks.
Geostationary satellites sit approximately 36,000 km above the Earth, matching the planet’s rotation to appear stationary to ground observers. These platforms are widely used for broadcasting, weather observation, and communication networks. While specific eavesdropping allegations remain undisclosed, European security officials suspect Russia may have exposed sensitive data transmitted by 12 to 17 vital European satellites.
The Russian spacecraft involved are Luch-1, launched in 2014, and Luch-2, launched in 2023. Western space authorities tracked these units performing repeated suspicious manoeuvres near European satellites serving the Middle East, Africa, and Europe. The Russian satellites approach within 20 to 200 km of their targets and linger for weeks.
Major General Michael Traut, commander of the German Armed Forces’ Space Command, told the FT: “Both satellites are suspected of conducting signals intelligence (SIGINT) collection activities,” referring to their proximity to Western communication assets.
Intelligence officials believe the Luch satellites positioned themselves close enough to enter the narrow cone of data beams transmitted from ground stations, allowing them to intercept signals intended for the target satellite.
Vulnerability of legacy infrastructure
The primary risk lies in the command and control architecture of older satellites. Many satellites currently in operation were launched years ago and lack encryption, leaving sensitive command data unencrypted.
“We believe the Luch satellites intercepted the ‘command links’ of the targeted satellites—the communication channels connecting satellites to ground control stations, enabling orbital adjustments,” Traut added.
If an adversary records this data, they can analyse the communication protocols. With this information, it becomes possible to mimic ground stations and send false commands to manipulate thrusters responsible for minor orbital adjustments. These thrusters could misalign satellites or force them to deorbit and crash into Earth.
This capability turns a passive espionage threat into an active denial-of-service risk. European officials worry Russia could manipulate orbits or even induce collisions. While a European intelligence official assessed that Luch-1 and Luch-2 likely lack the capability to directly jam or destroy satellites, Russia may have gathered intelligence on how to disrupt these systems from the ground or orbit.
Tracking the threat from Russian Luch satellites to European connectivity
Commercial space-tracking firms corroborate the assessments. Belinda Marzhan of SlingShot Aerospace told the FT that Luch-2 “is currently near Intelsat 39, a large satellite serving Europe and Africa.” SlingShot data shows Luch-2 has orbited at least 17 GEO satellites used for civilian and government communications since its 2023 launch.
This orbital activity fits within broader hybrid warfare tactics, akin to underwater internet and power cable cuts.
The capability to inspect satellites is not unique to Russia, with the US and China also accused of similar actions. However, Russia is assessed to operate the most advanced space espionage programme, using it more aggressively for satellite “stalking”. This trend continues with the launch of Cosmos 2589 and Cosmos 2590 last June. These possess similar manoeuvring capabilities to the Luch series, with Cosmos 2589 now moving toward the range of GEO satellites.
For leaders managing connectivity supply chains, the assumption that GEO links are physically secure is outdated. The targeted European satellites handle civilian purposes like TV, but also government and military communications. If adversaries record and analyse this data, they could later interfere with or destroy the satellites. Operators must evaluate the encryption status of command links on leased capacity as a material due diligence item.
See also: Attackers target public-facing applications over ransomware in 2025
Want to learn more about cybersecurity from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events including the AI & Big Data Expo. Click here for more information.
Telecoms is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here.
