This post is also available in:
עברית (Hebrew)
An emerging cyber incident involving Spacecom—the operator of Israel’s AMOS satellite fleet—has drawn attention after a pro-Palestinian hacker group claimed it had gained access to the company’s ground control infrastructure. The group, known as Handala, posted details of the alleged breach on its dark web site, a platform it regularly uses to publicize cyberattacks against Israeli and Western organizations.
According to Cybernews researchers, who examined the post, the attackers claim to have exfiltrated 379GB of data from Spacecom systems, including files purportedly linked to ground station operations across multiple countries.
To support its claims, the group published a compressed archive—roughly 960MB in size—containing a selection of data. Analysis of the sample by the cybersecurity researchers revealed a mix of documents, including satellite log files in RINEX format, and copies of non-disclosure agreements related to AMOS-17, one of Spacecom’s communication satellites.
While the presence of satellite operation logs could suggest some level of system access, experts note that such data alone is of limited strategic value. For it to be actionable in a security context, it would need to be accompanied by access credentials or additional technical information. As such, the immediate risk to satellite control capabilities appears low.
The Researchers also identified a secondary concern: some of the leaked documents contain employee-related information, which could be exploited in social engineering attacks aimed at compromising internal systems indirectly.
Despite the scale of the data claimed, there is skepticism among analysts regarding the extent of the intrusion. So far, there is no verifiable evidence that critical satellite control systems were compromised or that the attackers obtained high-level access.
Spacecom, which provides communication services across the Middle East, Europe, and Africa via its AMOS fleet, has not yet issued a public statement regarding the incident.
The case highlights the growing intersection between political motivations and cyber threats targeting critical infrastructure. While the severity of this specific breach remains unclear, the situation reinforces the need for continuous security oversight of satellite operations and their associated ground systems.
