Cyber Attacks Disrupt Navigation at Major Indian Airports as Government Confirms GPS Spoofing Incident

Dec 2, 2025

Overview

The Indian government has officially confirmed that multiple major airports across the country experienced cyber attacks that interfered with aircraft navigation systems. The incident involved GPS spoofing activity that disrupted navigation signals and affected several major aviation hubs including Delhi, Bengaluru, Kolkata, Mumbai, and Hyderabad.
These attacks highlight growing cyber risks to critical aviation infrastructure and raise urgent concerns around the security of satellite based navigation systems.

Key Facts of the Incident

Category

Details

Attack Type

GPS Spoofing targeting GNSS signals

Affected Airports

Delhi, Mumbai, Bengaluru, Kolkata, Hyderabad, and others

Impact on Flights

No cancellations, but inaccurate navigation data reported

Government Response

Investigation by AAI, DGCA, and WMO

Risk Level

High for navigation safety and critical infrastructure

Date Confirmed

Early December 2025

What Happened

According to government disclosures, unidentified actors attempted to interfere with Global Navigation Satellite System (GNSS) signals around major airports.
Pilots approaching runways reported receiving inaccurate or misleading GPS positional data during flight operations.
The affected airports include:

  • Indira Gandhi International Airport (Delhi)

  • Chhatrapati Shivaji Maharaj International Airport (Mumbai)

  • Kempegowda International Airport (Bengaluru)

  • Netaji Subhas Chandra Bose International Airport (Kolkata)

  • Rajiv Gandhi International Airport (Hyderabad)

Despite the digital interference, no flights were cancelled and airport operations continued due to fallback procedures and manual handling by air traffic control teams.

Nature of the Attack

The government described the incident as GPS spoofing.
GPS spoofing occurs when a malicious transmitter sends fake GPS signals to aircraft or ground systems. The target device then calculates incorrect position or time information.
Such attacks can:

  • Mislead pilots about altitude or approach alignment

  • Disrupt automated landing systems

  • Affect runway approach accuracy

  • Create a safety risk during low visibility operations

The interference in this case was concentrated near runway approach paths.

Government and Aviation Authorities Response

The Airports Authority of India and Directorate General of Civil Aviation have begun a coordinated investigation.
Authorities have activated the following actions:

  • Real time reporting of any GNSS interference

  • Technical analysis of spoofed signals

  • Involvement of the Wireless Monitoring Organisation to trace the origin of the transmissions

  • Cross checking with radar and ground based navigation systems

  • Strengthening of standard operating procedures issued in November 2025 for handling satellite navigation disruptions

Airports have also been asked to keep additional surveillance teams on standby and to increase monitoring of frequency bands used for aviation communication.

Impact Assessment

Although operational disruption was limited, the incident underscores significant vulnerabilities in aviation digital infrastructure.
Key observations include:

  1. GPS dependent landing procedures can be manipulated through relatively inexpensive spoofing devices.

  2. Large airports are increasingly becoming high value targets for cyber attackers.

  3. Traditional cybersecurity frameworks do not fully cover satellite signal based threats.

  4. Civil aviation needs multilayered redundancy across navigation systems.

India is one of the largest aviation markets in the world and relies heavily on GNSS signals for modern landing procedures, making these attacks extremely concerning.

Why This Matters

At ClearPhish, we continuously track emerging cyber threats that impact public safety and national infrastructure.
GPS spoofing attacks are no longer theoretical and have been used in multiple parts of the world.
This incident demonstrates that attackers are expanding from conventional cyber intrusions into domains that directly affect physical safety.
Critical infrastructure sectors including aviation, maritime, logistics, and transportation now face high exposure to cyber interference with location based systems.

Strengthening resilience will require improved monitoring, stronger detection systems, pilot training for GPS denial scenarios, and rapid multi agency escalation processes.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Google and FBI Disrupt NetNut Proxy Botnet, Cutting Off 2 Million Infected Android Devices

Jul 6, 2026

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Cisco SD-WAN Zero-Day Under Active Attack: How Hackers Achieved Root Access

Jun 26, 2026

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Klue OAuth Breach Expands as Icarus Hackers Claim Salesforce Data Theft

Jun 23, 2026

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

Jun 17, 2026

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Microsoft June 2026 Patch Tuesday Fixes 200 Vulnerabilities and 3 Zero-Days

Jun 10, 2026

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

ChatGPT Share Links Abused to Deliver Malware Through Fake OpenAI Outage Pages

Jun 3, 2026

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.