European security officials now believe two Russian satellites closely approached around 17 key geostationary connectivity satellites launched by Europe over the past three years. For telecom operators and wholesale carriers that depend on satellite backhaul, this activity exposes infrastructure long assumed to be physically secure to fresh cyber and kinetic threats.
Geostationary satellites orbit roughly 36,000 km above Earth and rotate with the planet so they appear stationary from the ground. These platforms support broadcasting, weather monitoring and a wide range of communications services. While authorities have not made specific public allegations about intercepted content, European security sources suspect that Russia may have captured sensitive transmissions from roughly 12 to 17 important European satellites.
The spacecraft implicated are Russia’s Luch-1, launched in 2014, and Luch-2, launched in 2023. Western tracking organisations observed both spacecraft carrying out repeated, unusual manoeuvres close to European satellites that provide services across the Middle East, Africa and Europe. The Russian units reportedly approached targets within 20 to 200 km and remained nearby for periods lasting weeks.
Major General Michael Traut, commander of the German Armed Forces’ Space Command, told the Financial Times that “both satellites are suspected of conducting signals intelligence (SIGINT) collection activities,” citing their proximity to Western communications assets.
Intelligence analysts say the Luch satellites positioned themselves inside the narrow cones formed by data beams from ground stations to the target satellites, potentially allowing interception of signals intended for those platforms.
Vulnerability of legacy infrastructure
The greatest exposure stems from the command-and-control architectures used by older geostationary satellites. Many of the satellites still operating were launched years ago and were not built with modern encryption for their telemetry and command links.
“We believe the Luch satellites intercepted the ‘command links’ of the targeted satellites—the communication channels that link satellites to ground control stations and enable orbital adjustments,” Traut added.
If an adversary records these exchanges, they can study the control protocols and message formats. With that knowledge, a threat actor could attempt to imitate a ground station and transmit false commands to a satellite’s attitude-control or station-keeping thrusters. Such commands could misalign antennas, disrupt communications, or — in extreme scenarios — force a satellite to deorbit.
That turns what might appear as passive surveillance into an active denial-of-service and physical-risk vector. European officials worry that an adversary could manipulate orbits, induce collisions or otherwise degrade satellite availability. While at least one European intelligence source assessed that Luch-1 and Luch-2 likely lack a direct capability to physically destroy other satellites, the data they may have collected could enable disruption from the ground or by other space-based assets.
Tracking the threat from Russian Luch satellites to European connectivity
Commercial space-tracking firms have corroborated these findings. Belinda Marzhan of SlingShot Aerospace told the FT that Luch-2 “is currently near Intelsat 39, a large satellite serving Europe and Africa.” SlingShot’s observations indicate Luch-2 has approached at least 17 geostationary satellites used for civilian and government communications since its 2023 deployment.
Analysts say this pattern of activity fits into a broader playbook of hybrid warfare that aims to degrade or control critical communications infrastructure without open kinetic conflict—comparable in intent to attacks on undersea internet and power cables.
The ability to inspect or closely approach satellites is not exclusive to Russia; the United States and China have also been implicated in similar operations. However, several assessments view Russia as operating a particularly active and overt space-espionage programme and using so-called satellite “stalking” more aggressively. The trend has continued with recent launches such as Cosmos 2589 and Cosmos 2590, which demonstrate comparable manoeuvring capabilities; Cosmos 2589 has been observed moving into the vicinity of geostationary assets.
For those responsible for connectivity supply chains, the old assumption that geostationary links are invulnerable to physical interference is no longer reliable. The European satellites targeted perform civilian functions like television distribution but also carry government and defence traffic. If an adversary records and later analyses command-and-control exchanges, they could develop methods to interfere with or even incapacitate those systems. Operators and leaseholders should therefore treat the encryption and protection status of command links on rented capacity as a substantive due-diligence consideration.
Industry leaders and operators must reassess risk models for space-based connectivity. Strengthening encryption on command and telemetry channels, increasing monitoring for close approaches, and ensuring robust incident response plans are practical steps to reduce exposure. As space becomes an increasingly contested domain, satellite operators, carriers and national authorities need coordinated strategies to protect critical orbital infrastructure and the services that depend on it.