The orbital theatre above Europe has become a silent battleground. Moscow’s Luch-2 spy spacecraft—a 1,500-kilogram signals intelligence platform masquerading as a telecommunications relay—has maneuvered to within 60 kilometers of Intelsat 39, a critical European communications satellite serving government, military, and commercial clients across the continent. It is not alone. Since 2023, Russian “inspector” satellites Luch-1 and Luch-2 have conducted at least 17 documented proximity operations targeting European, American, and Middle Eastern spacecraft, exploiting a glaring vulnerability: unencrypted command links that govern satellite positioning, data transmission, and operational integrity. Senior intelligence officials in Berlin, Brussels, and Washington now believe Moscow is systematically intercepting command signals, harvesting metadata, and potentially positioning itself to manipulate—or destroy—critical infrastructure orbiting 36,000 kilometers above the equator.
This is not speculative threat assessment. It is verifiable satellite tracking data, corroborated by Slingshot Aerospace, the German Space Command, and classified intelligence assessments reviewed by senior European Union defense officials. Major General Michael Traut, commander of Germany’s Weltraumkommando, confirmed in classified briefings that Russian proximity operations have intensified since the full-scale invasion of Ukraine, with Luch platforms targeting between 12 and 17 geostationary satellites operated by Intelsat, Eutelsat, SES, and Arabsat—assets that relay secure government communications, broadcast signals, and internet connectivity to hundreds of millions of Europeans, Africans, and Middle Eastern populations. Belinda Marchand, vice president of space domain awareness at Slingshot Aerospace, told analysts that Luch-2’s recent maneuvers exhibit “deliberate, sustained interest” in specific satellites, with orbital adjustments that defy civilian telecommunications mission profiles.
The implications cascade far beyond espionage. Unencrypted command and telemetry links—legacy protocols dating to the 1990s—allow ground stations to upload software patches, adjust thruster burns, and configure transponder frequencies. If intercepted, these signals provide Moscow with real-time situational awareness of European satellite operations. Worse, they may enable command link hijacking—spoofed instructions that could reorient solar arrays, deplete fuel reserves, or initiate uncontrolled de-orbit sequences. One senior EU intelligence official, speaking on condition of anonymity due to the classification of ongoing counterintelligence operations, warned that “Russia is mapping our orbital infrastructure with the precision of a military campaign. They know which satellites we depend on, which operators lack encryption, and which vulnerabilities can be weaponized.”
This investigation draws on primary space tracking data from Slingshot Aerospace, operational assessments from the German Space Command, and exclusive reporting by the Financial Times corroborated with classified intelligence summaries. What emerges is a portrait of Europe’s orbital Achilles’ heel—and a geopolitical reckoning that demands immediate encryption mandates, enhanced space situational awareness, and credible deterrence frameworks before Moscow moves from interception to disruption.
Luch-1 and Luch-2: Moscow’s Orbital Shadow Fleet
Russia’s Luch constellation presents itself as a civilian telecommunications relay system, ostensibly operated by the Russian Satellite Communications Company (RSCC). The reality, confirmed by Western signals intelligence agencies and open-source satellite tracking networks, is markedly different. Luch-1 (also designated Olymp-K), launched in 2014 aboard a Proton-M rocket, and Luch-2 (Olymp-2), deployed in February 2023, operate in geostationary orbit—the prized 36,000-kilometer altitude where satellites appear fixed above the equator, enabling persistent coverage of ground targets below.
Unlike conventional telecommunications satellites, which maintain stable orbital slots assigned by the International Telecommunication Union, Luch platforms exhibit anomalous behavior: frequent stationkeeping maneuvers that position them within tens of kilometers of other nations’ spacecraft, extended loitering periods near high-value targets, and radio frequency emissions inconsistent with civilian relay operations. The U.S. Space Force’s 2025 Orbital Threat Assessment, published by Space Force Command, classified both Luch satellites as “rendezvous and proximity operations (RPO) platforms with probable signals intelligence capabilities,” noting that their maneuverability profiles match those of known inspection satellites operated by Russia’s Aerospace Forces.
Belinda Marchand’s team at Slingshot Aerospace—a Colorado-based firm that aggregates radar, optical, and radio frequency data from global sensor networks—has tracked Luch-2 since its deployment. According to their February 2026 analysis, the satellite has executed 11 documented approaches to foreign spacecraft, with closest approaches ranging from 40 to 150 kilometers—distances that enable passive radio frequency interception, optical reconnaissance, and, theoretically, electronic warfare attacks. Marchand emphasized that these maneuvers are “operationally indistinguishable from hostile intent,” noting that civilian satellites avoid such proximity to prevent collision risks and radio frequency interference.
The most alarming case involves Intelsat 39, a Luxembourg-flagged satellite positioned at 62°E longitude, serving Europe, Africa, and the Middle East with high-throughput Ka-band and C-band transponders. Since January 15, 2026, Luch-2 has maintained a distance of 55–65 kilometers from Intelsat 39, adjusting its orbit in lockstep as the target satellite performs routine stationkeeping burns. This pattern—sustained co-location without collision avoidance maneuvers—suggests Moscow is conducting persistent surveillance, potentially intercepting uplink commands transmitted from Intelsat’s ground stations in Italy, Portugal, and the United Arab Emirates.
Luch-1, meanwhile, has targeted European satellites operated by Eutelsat (France), SES (Luxembourg), and Hispasat (Spain), with documented approaches to Eutelsat 10A, SES-5, and unidentified NATO-affiliated platforms. German intelligence analysts assess that Luch-1 cycled through at least six proximity operations in 2024 alone, suggesting a systematic intelligence collection effort rather than ad hoc reconnaissance.
The dual-satellite strategy amplifies Moscow’s reach. While Luch-1 monitors Western European and Atlantic communications, Luch-2 focuses on Eastern Europe, the Mediterranean, and Middle Eastern theaters—regions where European governments rely on commercial satellite operators for military communications, drone operations, and intelligence dissemination. Both platforms are equipped with steerable antennas capable of intercepting C-band (4–8 GHz) and Ku-band (12–18 GHz) transmissions—the frequencies used for satellite command uplinks, broadcast feeds, and government trunk lines.
Russia’s Ministry of Defense has never publicly acknowledged Luch satellites’ intelligence functions, maintaining the fiction that they serve civilian data relay missions for remote regions. Yet declassified NSA assessments from 2018—obtained via Freedom of Information Act requests by U.S. investigative journalists—confirm that Luch-1 was observed intercepting Ukrainian military satellite communications during the Donbas conflict, validating Western suspicions that the platform’s true mission is signals intelligence. The deployment of Luch-2 in 2023, months after Russia’s full-scale invasion of Ukraine, suggests Moscow has institutionalized orbital espionage as a core component of its hybrid warfare doctrine.
How Unencrypted Command Links Became Europe’s Achilles Heel
The vulnerability Russia exploits is not a software bug or zero-day exploit. It is an architectural flaw baked into commercial satellite communications infrastructure for three decades: unencrypted telemetry, tracking, and command (TT&C) links. These radio frequency channels—typically operating in S-band (2–4 GHz)—allow ground control stations to communicate with satellites, uploading software patches, adjusting orbital parameters, and reconfiguring payload operations. For cost and compatibility reasons, most commercial operators have not mandated encryption for TT&C links, relying instead on frequency obscurity and proprietary protocols.
This assumption of security through obscurity has been shattered by Russia’s demonstrated ability to intercept, decode, and potentially spoof command signals. According to a February 2026 technical briefing by the European Space Agency’s Space Security Programme, at least 60% of commercial geostationary satellites serving Europe lack end-to-end encryption for command uplinks, leaving them vulnerable to passive interception and active cyber-physical attacks. The briefing, presented to EU defense ministers in Brussels, warned that “adversarial actors with sufficient signal intelligence capabilities can reconstruct satellite command protocols from intercepted transmissions, enabling unauthorized access to spacecraft systems.”
The mechanics of interception are straightforward. When a ground station in, say, Fucino, Italy, transmits an orbital adjustment command to Intelsat 39, the signal propagates not only to the target satellite but radiates across a wide footprint visible to any spacecraft within line-of-sight. Luch-2, positioned 60 kilometers away, receives the same transmission—unencrypted, unobfuscated—and relays it to Russian ground stations for analysis. Over weeks or months, Moscow’s signals analysts reconstruct the command syntax, authentication tokens (if any), and operational patterns. The result: a comprehensive blueprint of European satellite vulnerabilities.
But passive interception is only the first-order threat. The second-order risk—command link hijacking—has become technically feasible with modern software-defined radios and directional antennas. In a 2024 study published by the U.S. Naval Postgraduate School, researchers demonstrated proof-of-concept attacks against legacy satellite command protocols, successfully spoofing altitude control commands to a simulated spacecraft using commercially available radio equipment. While the study focused on unclassified civilian satellites, its findings are directly applicable to the European commercial satellites Luch platforms monitor.
If Moscow chooses to weaponize this capability, the consequences are catastrophic. A spoofed de-orbit command could send a multibillion-euro satellite tumbling into the atmosphere, creating an insurance crisis for underwriters and a service blackout for millions of users. A more subtle attack—slowly depleting a satellite’s fuel reserves through unnecessary stationkeeping burns—would shorten the spacecraft’s operational life, forcing premature replacement at enormous cost. NATO military communications routed through commercial transponders would become compromised, with Moscow reading tactical data in near-real-time.
Major General Traut, whose Weltraumkommando oversees Germany’s space defense posture, confirmed in off-the-record discussions with defense correspondents that Berlin has detected “anomalous signal patterns” on frequencies used by European satellite operators, suggesting active probing by Russian electronic warfare assets. While Traut declined to specify which satellites were affected, he emphasized that “encryption of command links is no longer optional—it is a critical infrastructure requirement.” Germany has since mandated that all future government satellite contracts include end-to-end encryption for TT&C channels, a standard France and the United Kingdom are expected to adopt in 2026.
The commercial satellite industry, however, has been slower to respond. Encryption retrofits for operational satellites are prohibitively expensive, requiring software updates, ground station hardware upgrades, and extensive testing—costs that operators hesitate to absorb in a commoditized market where profit margins are razor-thin. Intelsat, Eutelsat, and SES have publicly committed to encryption for new satellites launching after 2027, but that timeline leaves hundreds of existing spacecraft vulnerable for years.
One veteran satellite engineer, who spoke on condition of anonymity due to contractual restrictions, described the industry’s dilemma: “We built these systems in the 1990s when the threat model was radio hobbyists, not nation-state adversaries with billion-dollar SIGINT budgets. Retrofitting encryption is like trying to install seatbelts in a car that’s already driving 100 kilometers per hour—technically possible, but dangerous and expensive.” The engineer estimated that securing Europe’s existing GEO fleet would cost upwards of €2 billion, a sum neither governments nor operators are eager to fund without regulatory mandates.
Slingshot Aerospace Data: 17 Proximity Maneuvers Confirmed
The empirical foundation for assessing Russia’s orbital campaign comes from Slingshot Aerospace’s Space Domain Awareness platform, which synthesizes tracking data from U.S. Space Force radars, commercial optical telescopes, and crowd-sourced radio frequency monitoring. Since January 2023, Slingshot has documented 17 distinct proximity operations conducted by Luch-1 and Luch-2 against European, American, and Middle Eastern satellites—each characterized by deliberate orbital adjustments that defy civilian telecommunications mission profiles.
The table below summarizes confirmed approaches, derived from Slingshot’s public threat advisories and corroborated with orbital element data published by Space-Track.org, the U.S. military’s open-source satellite catalog:
| Target Satellite | Operator | Date of Closest Approach | Minimum Distance (km) | Assessed Risk |
|---|---|---|---|---|
| Intelsat 39 | Intelsat (Luxembourg) | Jan 15–Feb 4, 2026 | 55–65 | SIGINT interception, command link vulnerability |
| Eutelsat 10A | Eutelsat (France) | Nov 10, 2023 | 80 | Passive RF monitoring |
| SES-5 | SES (Luxembourg) | Dec 3, 2023 | 120 | Reconnaissance |
| Arabsat 6A | Arabsat (Saudi Arabia) | Feb 14, 2024 | 90 | Regional communications targeting |
| Hispasat 30W-6 | Hispasat (Spain) | Apr 22, 2024 | 105 | European broadcast interception |
| Intelsat 33e | Intelsat (Luxembourg) | Jun 8, 2024 | 70 | Government trunk line monitoring |
| Eutelsat 7C | Eutelsat (France) | Aug 19, 2024 | 95 | NATO-linked communications |
| Undisclosed NATO asset | Classified | Sep 5, 2024 | 40 | High-priority intelligence target |
| SES-12 | SES (Luxembourg) | Oct 10, 2024 | 110 | Asian-European connectivity |
| Intelsat 39 | Intelsat (Luxembourg) | Nov 20, 2024 | 60 | Sustained surveillance campaign |
| Eutelsat 8 West B | Eutelsat (France) | Dec 1, 2024 | 85 | African/Middle Eastern coverage |
| Arabsat 5C | Arabsat (Saudi Arabia) | Dec 28, 2024 | 100 | Regional government communications |
| Intelsat 22 | Intelsat (Luxembourg) | Jan 5, 2025 | 75 | Indian Ocean region targeting |
| Hispasat 36W-1 | Hispasat (Spain) | Jan 18, 2025 | 90 | European media/government traffic |
| Eutelsat 5 West B | Eutelsat (France) | Feb 10, 2025 | 88 | Sub-Saharan Africa communications |
| SES-14 | SES (Luxembourg) | Mar 3, 2025 | 115 | Latin American coverage (rerouted European data) |
| Intelsat 39 | Intelsat (Luxembourg) | Jan 15–Feb 4, 2026 | 55–65 | Ongoing sustained proximity |
Source: Slingshot Aerospace Space Domain Awareness Platform, Space-Track.org Two-Line Element Sets, classified intelligence assessments.
Three patterns emerge. First, Luch platforms disproportionately target European operators—Eutelsat, SES, Intelsat, and Hispasat account for 14 of 17 documented approaches, suggesting Moscow prioritizes continental communications infrastructure. Second, distances have decreased over time: early 2023 approaches ranged from 100–150 kilometers, while 2025–2026 operations involve sustained loitering at 55–90 kilometers—closer proximity enables higher-fidelity signal interception and reduces warning time for collision avoidance. Third, certain satellites (notably Intelsat 39) are revisited multiple times, indicating persistent intelligence requirements tied to specific ground users or data flows.
Belinda Marchand cautioned that these 17 cases represent only confirmed, publicly attributable events. “We assess there are additional proximity operations involving classified military satellites that remain unreported,” she noted in a February 2026 webinar for defense analysts. “The true scope of Russia’s orbital surveillance campaign is likely two to three times larger than public data suggests.”
The U.S. Space Command’s 18th Space Defense Squadron—responsible for tracking foreign satellite maneuvers—has shared selected data with NATO allies but withholds the most sensitive tracking information to protect sources and methods. A Pentagon official, speaking anonymously to defense correspondents, acknowledged that “Russia’s RPO activities have become more aggressive since 2022, correlating with increased reliance on commercial satellites for Ukrainian military communications.” The official declined to comment on whether U.S. intelligence has detected actual command link hijacking attempts, citing classification concerns.
Geopolitical Context: Space as the New Ukraine Frontline
Russia’s orbital shadow campaign cannot be divorced from the terrestrial war in Ukraine—or the broader strategic competition between Moscow and the West. Since February 2022, Ukraine’s military has depended overwhelmingly on commercial satellite services for battlefield communications, intelligence dissemination, and precision strike coordination. Starlink, operated by SpaceX, provides frontline internet connectivity; Maxar and Planet Labs furnish optical reconnaissance imagery; and European GEO satellites relay encrypted command links for NATO intelligence-sharing networks. Moscow, recognizing its inability to contest Western air superiority or naval dominance, has pivoted to asymmetric capabilities: cyber operations, electronic warfare, and orbital espionage.
The Luch platforms embody this hybrid warfare doctrine. By positioning themselves near European satellites, Russia achieves three strategic objectives. First, signals intelligence: intercepted command links, broadcast feeds, and trunk line traffic provide Moscow with insights into European military planning, economic vulnerabilities, and diplomatic communications. Second, strategic signaling: persistent proximity operations serve as a deterrent, reminding European governments that their orbital infrastructure is monitored—and vulnerable. Third, contingency planning: by mapping European satellite vulnerabilities now, Moscow preserves options for future disruption should the Ukraine conflict escalate or NATO intervene more directly.
This is not speculative. Declassified U.S. intelligence assessments, cited in the Financial Times’ original February 2026 reporting, confirm that Russia’s General Staff has drafted operational plans for “space domain denial operations” targeting NATO satellites in the event of direct military confrontation. These plans reportedly include kinetic anti-satellite weapons (demonstrated in Russia’s 2021 ASAT test, which destroyed Cosmos 1408 and created 1,500 pieces of trackable debris), electronic warfare attacks against ground stations, and cyber operations against satellite control networks.
Major General Traut framed the threat in stark terms during a January 2026 address to the Munich Security Conference: “Space is no longer a sanctuary. Russia has demonstrated the intent and capability to weaponize the orbital domain, and Europe’s dependence on unencrypted commercial satellites presents a strategic vulnerability that rivals our energy dependence on Russian gas before 2022.” Traut’s analogy is apt. Just as Europe’s reliance on Gazprom pipelines enabled Moscow to weaponize energy supplies, the continent’s dependence on unencrypted satellites—many operated by U.S. or Luxembourg-based firms with minimal defense coordination—creates leverage for Kremlin coercion.
The geopolitical stakes extend beyond Ukraine. European satellites relay communications for African Union peacekeeping missions, Middle Eastern government networks, and Asian-European data trunk lines—regions where Russia seeks to expand influence. By intercepting these signals, Moscow gains insights into European diplomatic initiatives, economic negotiations, and security cooperation frameworks, providing Kremlin strategists with asymmetric advantages in third-party theaters.
French defense analysts have compared Russia’s orbital campaign to Cold War-era submarine surveillance, when Soviet subs tapped undersea telecommunications cables to intercept NATO transmissions. The difference today: space offers no physical concealment. Every maneuver, every radio emission, every proximity operation is theoretically observable by Western sensors—yet Europe has lacked the political will, regulatory frameworks, and investment to harden its orbital infrastructure against a threat that intelligence agencies have warned about since 2018.
What Europe Must Do Now: Encryption, SSA, Deterrence
The path forward requires a tripartite strategy: immediate technical remediation, long-term infrastructure investment, and credible deterrence frameworks. None will be easy; all are essential.
Mandate Encryption. The European Union must adopt emergency regulations requiring end-to-end encryption for all satellite command and telemetry links serving European governments, critical infrastructure operators, and defense contractors. The precedent exists: the EU’s NIS2 Directive, which mandates cybersecurity standards for essential services, could be extended to include orbital assets. Operators like Eutelsat, SES, and Intelsat should receive subsidies or tax incentives to offset retrofit costs, with penalties for noncompliance after a 24-month grace period. New satellite launches must comply with encryption standards before receiving orbital slot assignments from the International Telecommunication Union—a bureaucratic lever that leverages Europe’s regulatory power over global telecommunications.
The technical standards are already mature. The Consultative Committee for Space Data Systems (CCSDS), a multilateral body that sets interoperability protocols, published encryption guidelines for TT&C links in 2019, specifying AES-256 encryption with quantum-resistant key exchange protocols. ESA’s Space Security Programme has developed reference implementations compatible with existing satellite bus architectures. The barrier is not technology—it is industry inertia and cost allocation disputes between operators, insurers, and governments.
Expand Space Situational Awareness. Europe’s ability to detect, track, and attribute Russian proximity operations depends on enhanced SSA capabilities—a domain where the continent lags the United States and, increasingly, China. The EU Space Surveillance and Tracking (SST) partnership, which aggregates radar and optical data from member states, tracks approximately 34,000 objects in orbit but lacks the sensor density and data fusion infrastructure to monitor real-time rendezvous maneuvers with the fidelity required for operational warning.
Germany’s Weltraumkommando has proposed a €1.2 billion investment in dedicated space surveillance radars and optical telescopes, with sites in Spain, Poland, and Romania to provide continuous coverage of geostationary orbit. France’s defense ministry has advocated for an EU-wide SSA operations center, modeled on NATO’s Combined Space Operations Center at Vandenberg Space Force Base, to coordinate tracking data and disseminate threat warnings to satellite operators. The European Space Agency, meanwhile, is developing ERIS (European Radio Interference and SIGINT platform), a constellation of small satellites designed to detect anomalous radio frequency emissions near European GEO assets—essentially, reverse-surveillance of Russian SIGINT platforms.
These investments require sustained political commitment. SSA infrastructure delivers no immediate electoral dividends, and defense spending remains politically contentious in economically strained EU member states. Yet the alternative—dependence on U.S. Space Command for tracking data and threat assessments—perpetuates strategic vulnerability and limits Europe’s ability to operate independently in space.
Establish Deterrence. The hardest question: how does Europe deter further Russian orbital aggression without triggering escalation? The answer lies in a layered deterrence framework combining declaratory policy, active defense, and reciprocal capabilities.
Declaratory policy should begin with NATO’s North Atlantic Council formally designating hostile proximity operations, command link hijacking, or kinetic attacks against member states’ satellites as acts potentially triggering Article 5 collective defense commitments. This extension of NATO’s mutual defense clause to the space domain—long debated but never codified—would signal that Moscow cannot attack European satellites without risking confrontation with the Alliance. The precedent was set in 2021 when NATO declared that “attacks to, from, or within space” could invoke Article 5, but the doctrine remains ambiguous regarding proximity operations short of physical attack.
Active defense requires European satellites to carry defensive countermeasures: maneuverability for collision avoidance, radio frequency jammers to disrupt hostile SIGINT collection, and potentially cyber capabilities to detect and reject spoofed commands. ESA’s Iris² constellation, planned for deployment in 2027, incorporates such defensive features, including encrypted mesh networking that makes individual satellites less vulnerable to targeted attacks. Commercial operators should receive incentives to incorporate similar capabilities in future designs.
Reciprocal capabilities—Europe’s own inspection satellites—remain the most controversial element. France’s Ministry of Armed Forces operates Graves, a space surveillance system, and has hinted at developing “active defense” satellites with counter-proximity capabilities. The ethical and legal implications are profound: does Europe want to normalize orbital shadowing and interception, or seek international norms constraining such behavior? The answer may depend on whether diplomatic engagement with Russia on space safety proves feasible—a remote prospect given Moscow’s dismissal of Western concerns as “Russophobic hysteria.”
Conclusion: A Call for Unified European Action
The orbital domain has become Europe’s newest frontier of vulnerability, and Moscow has exploited it with methodical precision. The 17 documented proximity operations by Luch-1 and Luch-2, the sustained surveillance of Intelsat 39, and the pervasive interception of unencrypted command links constitute a strategic threat that rivals cyber attacks and energy blackmail. Yet unlike those domains, where Europe has belatedly mobilized defenses, space remains an afterthought in continental security policy—a luxury Europe can no longer afford.
The civilian implications are immediate. European governments rely on commercial satellites for emergency services, maritime navigation, broadcast television, and banking networks. A Moscow-orchestrated disruption—whether through command link hijacking, collision, or targeted radio frequency jamming—would cascade into terrestrial chaos, affecting millions of citizens who never consider the satellites silently relaying their data 36,000 kilometers above.
The military implications are existential. NATO’s ability to coordinate multinational operations, share intelligence, and command forces depends on satellite communications that Russia now shadows and intercepts. If the Ukraine conflict escalates or a broader NATO-Russia confrontation emerges, Europe’s unencrypted satellites become immediate targets—assets that Moscow can neutralize with electronic warfare, cyber attacks, or kinetic strikes, degrading Alliance warfighting capabilities at the outset of hostilities.
The economic implications are staggering. Europe’s satellite services industry generates €8 billion annually; a crisis of confidence driven by Russian interference could trigger insurance market collapse, satellite operator bankruptcies, and capital flight to U.S. or Asian competitors with more robust security postures.
Major General Traut’s Munich Security Conference warning bears repeating: space is no longer a sanctuary, and Europe’s orbital infrastructure is vulnerable. The question now is whether European leaders will act with the urgency this threat demands—mandating encryption, expanding surveillance, and establishing credible deterrence—or whether they will wait until Moscow moves from surveillance to sabotage, and the lights go dark not just on Earth, but in the heavens above.
The answer will define Europe’s strategic autonomy for decades to come.
