Full Report
The Economic Times reports: The government on Monday confirmed that several major airports — including Delhi, Mumbai and Bengaluru — detected GPS spoofing signals last month, but assured that flight operations were not affected. The clarification came in the Rajya Sabha amid growing concern over a recent navigation scare at Delhi’s Indira Gandhi International Airport...
Analysis Summary
# Incident Report: Major Airport GPS Spoofing Incidents
## Executive Summary
Multiple major Indian airports, including Delhi (IGIA), Mumbai, and Bengaluru, detected GPS spoofing signals "last month" (relative to the article date of Dec 2, 2025). The government confirmed the detections and assured that flight operations were not affected. The primary known impact was navigational disruption during GPS-based landing procedures on specific runways, which required the use of contingency procedures.
## Incident Details
- **Discovery Date:** Not specified, but detections occurred "last month" (prior to report date of Dec 2, 2025).
- **Incident Date:** "Last month" (prior to December 2025).
- **Affected Organization:** Delhi IGI Airport (IGIA), Mumbai Airport, Bengaluru Airport (and others implied).
- **Sector:** Aviation, Critical Infrastructure (Air Transportation).
- **Geography:** India (National level concern, specific incidents noted at IGIA, Mumbai, Bengaluru).
## Timeline of Events
### Initial Access
- **Date/Time:** Unknown/Not specified.
- **Vector:** Broadcasting of malicious GPS spoofing signals targeting aircraft navigation systems.
- **Details:** Signals were picked up near IGIA, New Delhi, specifically while aircraft were using GPS-based landing procedures on Runway 10.
### Lateral Movement
- *Not Applicable to this physical/RF-based electronic interference incident.*
### Data Exfiltration/Impact
- **Impact:** Potential risks to aviation safety and disruption of accurate navigation during approach/landing. The government reported no official impact to flight operations continuity.
### Detection & Response
- **Detection:** Flights approaching RWY 10 at IGIA reported GPS spoofing errors. The Wireless Monitoring Organisation (WMO) was deployed to trace the source.
- **Response actions taken:** Contingency procedures were immediately used for the affected flights approaching RWY 10.
## Attack Methodology
*Note: As this is an RF-based interference attack rather than a traditional network intrusion, many of the classifications used for cyber intrusions do not apply directly.*
- **Initial Access:** Broadcast of synthetic/spoofed GPS signals designed to mimic legitimate satellite signals, confusing aircraft receivers.
- **Persistence:** Unknown; depends on the jamming/spoofing source continuing to transmit.
- **Privilege Escalation:** N/A
- **Defense Evasion:** Evasion relies on overwhelming or mimicking genuine navigation signals, bypassing standard electronic flight instrument integrity checks.
- **Credential Access:** N/A
- **Discovery:** The attack was observed through aircraft crew reporting navigation anomalies detected during GPS-dependent flight phases.
- **Lateral Movement:** N/A
- **Collection:** N/A
- **Exfiltration:** N/A
- **Impact:** Interference with Aircraft Navigation Systems (Principle of Operation: Denial of Service/Manipulation of Positioning Data).
## Impact Assessment
- **Financial:** No financial impact reported publicly.
- **Data Breach:** No data breach or exfiltration involved.
- **Operational:** Operational continuity was maintained by utilizing contingency procedures, suggesting no mass cancellations or groundings. However, at least 400 flights were reportedly disrupted (according to the secondary source title, though not explicitly confirmed in the government statement provided).
- **Reputational:** Government issued clarification to address "growing concern" and a "navigation scare."
## Indicators of Compromise
- **Network indicators - defanged:** N/A (RF-based indicators do not appear in standard network logs).
- **File indicators:** N/A
- **Behavioral indicators:** Aircraft reporting inaccurate GPS positions during approach phases, particularly RWY 10 at IGIA. Reported loss of signal integrity during critical maneuvers.
## Response Actions
- **Containment measures:** Implementation of contingency procedures for affected flights.
- **Eradication steps:** Deployment of the Wireless Monitoring Organisation (WMO) to trace and locate the source of the spoofing signals.
- **Recovery actions:** Resumption of normal navigation procedures once the immediate threat was mitigated through contingency planning.
## Lessons Learned
- GPS spoofing is a proven, viable threat vector against critical aviation infrastructure that relies on PNT (Positioning, Navigation, and Timing) technologies, even without a traditional network breach.
- Contingency procedures are well-established and effective in preventing catastrophic failure during signal manipulation events.
- The source of the spoofing signals remains under investigation (WMO deployment).
## Recommendations
- Enhance ground-based authentication and monitoring systems capable of detecting subtle or localized GPS spoofing patterns beyond standard receiver alerts.
- Increase training for flight crews on recognizing, reporting, and executing contingency procedures for navigation signal anomalies.
- Expedite the investigation by the WMO to identify and neutralize the source of the persistent spoofing activity.