Overview

The Indian government has officially confirmed that multiple major airports across the country experienced cyber attacks that interfered with aircraft navigation systems. The incident involved GPS spoofing activity that disrupted navigation signals and affected several major aviation hubs including Delhi, Bengaluru, Kolkata, Mumbai, and Hyderabad.
These attacks highlight growing cyber risks to critical aviation infrastructure and raise urgent concerns around the security of satellite based navigation systems.

Key Facts of the Incident

What Happened

According to government disclosures, unidentified actors attempted to interfere with Global Navigation Satellite System (GNSS) signals around major airports.
Pilots approaching runways reported receiving inaccurate or misleading GPS positional data during flight operations.
The affected airports include:

• Indira Gandhi International Airport (Delhi)

• Chhatrapati Shivaji Maharaj International Airport (Mumbai)

• Kempegowda International Airport (Bengaluru)

• Netaji Subhas Chandra Bose International Airport (Kolkata)

• Rajiv Gandhi International Airport (Hyderabad)

Despite the digital interference, no flights were cancelled and airport operations continued due to fallback procedures and manual handling by air traffic control teams.

Nature of the Attack

The government described the incident as GPS spoofing.
GPS spoofing occurs when a malicious transmitter sends fake GPS signals to aircraft or ground systems. The target device then calculates incorrect position or time information.
Such attacks can:

• Mislead pilots about altitude or approach alignment

• Disrupt automated landing systems

• Affect runway approach accuracy

• Create a safety risk during low visibility operations

The interference in this case was concentrated near runway approach paths.

Government and Aviation Authorities Response

The Airports Authority of India and Directorate General of Civil Aviation have begun a coordinated investigation.
Authorities have activated the following actions:

• Real time reporting of any GNSS interference

• Technical analysis of spoofed signals

• Involvement of the Wireless Monitoring Organisation to trace the origin of the transmissions

• Cross checking with radar and ground based navigation systems

• Strengthening of standard operating procedures issued in November 2025 for handling satellite navigation disruptions

Airports have also been asked to keep additional surveillance teams on standby and to increase monitoring of frequency bands used for aviation communication.

Impact Assessment

Although operational disruption was limited, the incident underscores significant vulnerabilities in aviation digital infrastructure.
Key observations include:

1. GPS dependent landing procedures can be manipulated through relatively inexpensive spoofing devices.

2. Large airports are increasingly becoming high value targets for cyber attackers.

3. Traditional cybersecurity frameworks do not fully cover satellite signal based threats.

4. Civil aviation needs multilayered redundancy across navigation systems.

India is one of the largest aviation markets in the world and relies heavily on GNSS signals for modern landing procedures, making these attacks extremely concerning.

Why This Matters

At ClearPhish, we continuously track emerging cyber threats that impact public safety and national infrastructure.
GPS spoofing attacks are no longer theoretical and have been used in multiple parts of the world.
This incident demonstrates that attackers are expanding from conventional cyber intrusions into domains that directly affect physical safety.
Critical infrastructure sectors including aviation, maritime, logistics, and transportation now face high exposure to cyber interference with location based systems.

Strengthening resilience will require improved monitoring, stronger detection systems, pilot training for GPS denial scenarios, and rapid multi agency escalation processes.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.