Key Takeaways:
- The year 2025 was marked by significant cybersecurity incidents, including high-profile attacks on companies like Jaguar Land Rover and SK Telecom.
- The National Reconnaissance Office (NRO) launched a space cyber program to serve as the central hub for space cyber activities across the agency.
- The use of AI in cyber attacks became more prevalent, with AI-powered malware and AI-driven attacks becoming a major concern.
- Space is becoming a more contested domain, with threat actors targeting satellite communications technology and exploiting legacy protocols, insecure firmware, and unpatched systems.
- The importance of cybersecurity in the space industry was highlighted by incidents like the Cloudflare outage and the Salesforce security incident.
- The need for robust cybersecurity measures, including encryption, secure coding practices, and supply chain risk management, is becoming increasingly important.
Introduction to 2025 Cybersecurity Incidents
2025 was a year of significant change in the cybersecurity landscape, with high-profile incidents and massive data breaches making headlines. The conversation about cybersecurity for space systems has become mainstream, and the importance of this topic was evident at the CyberSat event, which took place in November. Despite the challenges posed by a U.S. government shutdown, the event drew hundreds of attendees, highlighting the growing interest in space cybersecurity.
NRO Launches Space Cyber Program
At CyberSat, the National Reconnaissance Office (NRO) announced the establishment of a space cyber program, which will serve as the central hub for space cyber activities across the agency. The program is built on three pillars: establishing clear strategic priorities for space security, accelerating the integration of cybersecurity capabilities into space systems, and flattening decision-making hierarchies. The NRO’s Space Cyber Program will have a direct line to the Cybersecurity and Infrastructure Security Agency (CISA) and will tie together all aspects of space cyber for policy and governance, R&D, engineering, acquisition, and operations.
Ukraine Confirms Russia Space Cyber Attack
In 2025, Ukraine confirmed a successful cyber attack against Russia’s Dozor-Teleport, which was conducted in 2023. The attack was attributed to the Ukrainian Cyber Alliance (UCA) and highlights the use of cyber attacks as a tool of warfare. The incident also underscores the importance of communication about cyber attacks, as the confirmation of the attack provided valuable insights into the tactics and strategies employed by threat actors.
Don’t Look Up: Satellite Security Research
A research paper titled "Don’t Look Up" revealed shocking details about the ease with which customer data can be acquired from satellite systems lacking proper encryption. The researchers used an off-the-shelf satellite receiver system to intercept communications from geosynchronous satellites and assemble a collection of private data. The study highlights the need for robust cybersecurity measures, including encryption, to protect satellite communications.
The $2.6 Billion Jaguar Land Rover Cyber Attack
A cyber attack on Jaguar Land Rover (JLR) in 2025 was described as the biggest cyber attack in the U.K.’s history, with a financial impact of 1.9 billion pounds ($2.6 billion). The attack highlights the vulnerability of complex supply chains and the potential for cyber attacks to have far-reaching consequences. The incident also underscores the importance of robust cybersecurity measures, including supply chain risk management, to prevent similar attacks.
SK Telecom: Major Telco Suffers Major Incident
SK Telecom, one of the largest telcos in Asia, suffered a major cyber attack in 2025, which put data at risk for close to 27 million customers. The company has since launched an Information Protection Innovation Plan, investing 700 billion South Korean won ($475 million) over the next five years to build a world-class information protection system. The incident highlights the importance of robust cybersecurity measures, including encryption and secure coding practices, to protect customer data.
AI, AI, and More AI
The use of AI in cyber attacks became more prevalent in 2025, with AI-powered malware and AI-driven attacks becoming a major concern. The operationalization of AI on both sides of the arms race is expected to continue, with AI agents and early multi-agent/agentic AI systems being deployed in both security operations and offensive tradecraft. The use of AI in cyber attacks highlights the need for robust cybersecurity measures, including AI-powered security solutions, to detect and prevent AI-driven attacks.
China and North Korea
China’s cyber army launched over 2.6 million intrusion attempts per day targeting Taiwan’s critical infrastructure in 2025, according to Taiwan’s National Security Bureau. The number of cyberattacks represented a six percent increase compared to 2024. North Korea has also been identified as a major player in cyber, with advanced cyber capabilities and a history of cyber attacks. The rise of the DPRK IT worker threat, which involves North Korean-linked operators infiltrating Western and Asian technology companies by posing as remote contractors, is a significant concern.
The Era of Space Collaboration Appears to be Over
The days of space not being a contested domain are now over, and the era of space collaboration appears to be coming to an end. Threat actors are targeting satellite communications technology, and the use of AI in cyber attacks is becoming more prevalent. The importance of robust cybersecurity measures, including encryption, secure coding practices, and supply chain risk management, is becoming increasingly important in the space industry.
Cloudflare Outage is Global News
A major incident at Cloudflare, a major internet infrastructure firm, led to a number of high-profile sites going down, including ChatGPT and X. The incident highlighted the fragility of communications systems and their reliance on companies like Cloudflare. The outage also underscored the importance of robust cybersecurity measures, including redundancy and failover systems, to prevent similar incidents.
Salesforce Makes Headline News in August
A high-profile security incident involving Salesforce was reported in August 2025, which made a big noise in the cyber community. The incident involved a widespread supply chain intrusion targeting Salesforce environments via compromised Salesloft Drift integrations. The attack highlights the importance of robust cybersecurity measures, including supply chain risk management and secure coding practices, to prevent similar incidents.
