Black Sea GPS Spoofing Patterns: Operational Analysis of 2025 Data

TITLE: Black Sea GPS Spoofing Patterns: Operational Analysis of 2025 Data DESCRIPTION: Analysis of 2025 GNSS interference patterns in the Black Sea FIRs, detailing affected airspace, NOTAMs, and operational procedures for aviation stakeholders. CONTENT: A measurable evolution in Global Navigation Satellite System (GNSS) interference has been documented across the Black Sea region since early 2025. Analysis of publicly available satellite Automatic Identification System (AIS) data reveals vessel tracks forming precise circular loops, a signature pattern distinct from earlier sporadic disruptions. This systematic signal manipulation presents a direct challenge to navigational integrity for aviation operations in adjacent Flight Information Regions (FIRs). FlySafe Research analysis, based on open-source data from maritime authorities and academic institutions, indicates this pattern necessitates updated risk assessments and procedural cross-checks for affected airspace.

This bulletin details the technical characteristics of the observed interference, identifies the specific FIRs and routes impacted, and provides operational recommendations derived from published NOTAMs and safety bulletins. The focus remains on actionable intelligence for flight planning and en-route procedures.

Documented Evolution of GNSS Interference Patterns

The progression of GNSS disruption in the Black Sea area is documented across multiple independent, publicly available data sets. Initial incidents, such as those near Crimea referenced in a 2021 NDU Press compilation by GPSPATRON, were isolated. By 2022-2023, reporting expanded geographically, with over two dozen cases confirmed in Latvian waters as documented by international news agencies.

A significant escalation in scale was recorded in April 2024. Lloyd’s List reported that 117 vessels in the Eastern Mediterranean simultaneously displayed false positions at Beirut Airport due to spoofed GNSS signals. This event demonstrated a capability for wide-area, concurrent interference.

The 2025 pattern, analyzed using Spire Global satellite data by researchers at Georgia Tech, exhibits increased sophistication. Spoofed vessel positions now form geometrically precise circular loops, with false locations offset by hundreds of nautical miles. This represents a shift from basic jamming or random position jumps to coordinated, gradual position manipulation that is more difficult to detect in real time.

Technical Analysis of Circular-Loop Spoofing Signatures

Understanding the technical mechanism of the observed interference is critical for developing effective detection protocols. Traditional jamming causes a loss of signal, a known failure mode prompting reversion to alternative navigation. Spoofing, as defined in peer-reviewed literature such as in the journal Atmospheres, involves the deliberate transmission of false signals causing a receiver to compute an incorrect position without triggering loss-of-signal alerts.

The circular-loop pattern is a specific spoofing technique. Falsified signals are coordinated to incrementally move a receiver’s reported position along a predetermined circular path. The continuity of the false track can maintain plausible speed and heading, bypassing simple anomaly detectors that look for sudden position jumps. As noted in analysis by Saturn Partners, this form of interference disrupts navigation without triggering traditional cybersecurity alerts, often leaving no obvious digital footprint.

Indicators documented by detection specialists like AI at Sea include inconsistencies between reported speed and vessel type, or positions reported over land. However, the circular-loop variant may initially suppress these signs. The primary indicator becomes a persistent, uncorrectable deviation when the GNSS position is cross-referenced with a second, independent source.

Affected Airspace and Flight Information Regions

Airspace Status: The zone of documented GNSS interference overlaps with several Black Sea FIRs handling international traffic. These include Ankara FIR (LTAA), Istanbul FIR (LTBB), Simferopol FIR (UKFV), and Odesa FIR (UKOV). NOTAMs indicating unreliable GNSS performance have been issued with increasing frequency for these regions since 2023. For example, NOTAM series LTTB and UKFV have regularly contained advisories on GNSS signal degradation.

Affected Routes: Flight paths crossing the Black Sea, particularly those connecting European hubs (e.g., Frankfurt, Istanbul) with destinations in the Caucasus (Tbilisi, Baku), Central Asia, and the Middle East, transit the affected area. Common routes such as UN873, UL980, and segments of the B-145 airway have been within the interference zone. Maritime traffic through the Turkish Straits and along the western Black Sea coast (near Bulgarian and Romanian FIRs LBBB and LRBB) has also been subject to spoofing, as per UK Maritime Trade Operations (UKMTO) advisories.

The geographic spread of similar interference is confirmed by public data. A Royal Institute of Navigation report cited by Shipping Telegraph indicated that in the Persian Gulf, over 50% of interference encounters lasted many hours or more than a day. UKMTO advisories in August 2025 also noted localized GNSS interference near Bab al-Mandab, confirming the phenomenon’s presence at other critical maritime chokepoints.

Operational Procedures and Mitigation Strategies

Based on published EASA Safety Information Bulletins and ICAO advisories, operators transiting affected FIRs should implement layered procedural and technical mitigations.

Pre-Flight Planning: Route planning must incorporate active NOTAM review for GNSS advisories in FIRs LTAA, LTBB, UKFV, and UKOV. Historical data indicates higher interference probability along the western and northern Black Sea coastline. Airlines, including Turkish Airlines and Lufthansa, have at times filed routes favoring land corridors or adjusted coast-track distances in response to active NOTAMs. Planners should identify and brief primary alternate navigation aids (VOR/DME) for each phase of flight within the affected airspace.

In-Flight Cross-Check Procedures: Crews must be proficient in timely cross-referencing of GNSS-derived position with independent sources. A specific procedural threshold is recommended: any sustained GNSS position discrepancy exceeding 2 nautical miles from the FMS position calculated via inertial reference, or a mismatch with a VOR/DME fix, should trigger immediate suspicion of spoofing. The circular-loop pattern may induce a gradual drift; therefore, cross-checks should be performed at intervals not exceeding 15 minutes while in the advisory area. Loss of RAIM (Receiver Autonomous Integrity Monitoring) availability is a secondary indicator.

Equipment Configuration: Where available, the use of multi-constellation GNSS receivers (accessing GPS, Galileo, and GLONASS) provides enhanced resilience. Simultaneous spoofing of all constellations is more complex. For maritime applications, research from the University of Texas at Austin suggests that cross-referencing GNSS data with Doppler log and gyrocompass inputs within ECDIS software can create an effective software-based detector.

Reporting Mandate: All suspected interference must be reported to the appropriate Air Traffic Service unit and subsequently to the regional monitoring agency, such as EUROCONTROL’s EVAIR program. This reporting is essential for the validation and issuance of NOTAMs.

Detection Capabilities and Industry Initiatives

The aviation and maritime industries are developing detection frameworks, though no universal off-the-shelf solution exists, as established by University of Texas at Austin research. Current capabilities are multi-layered.

Ground-based monitoring networks, such as the one described in Atmospheres journal deployed in the north-western Black Sea, use dynamically adjusted signal-to-noise ratio thresholds to identify interference events with high accuracy and minimal false positives. Satellite-based monitoring by firms like Spire Global and exactEarth analyzes AIS data for kinematic impossibilities, such as instantaneous high-speed turns or a vessel appearing in two locations.

Machine learning ensembles are being deployed to model normal vessel and aircraft trajectory behavior. Systems developed by companies like Windward and HawkEye 360 flag trajectories that conflict with expected patterns, such as a gradual circular drift inconsistent with wind, current, or flight plan data. For aviation, integrated systems like Honeywell’s JetWave SATCOM can provide alternative timing signals, while aircraft with dual-antenna GPS configurations can use antenna consistency checks to detect spoofing.

Key Takeaway for Aviation Stakeholders

The 2025 Black Sea GNSS interference data confirms a shift from sporadic disruption to systematic, patterned signal manipulation. The circular-loop spoofing signature necessitates specific procedural cross-checks, notably a 2-nautical-mile discrepancy threshold between GNSS and independent position sources. The affected FIRs—LTAA, LTBB, UKFV, and UKOV—require heightened situational awareness and adherence to published NOTAMs during flight planning and execution. The migration of similar interference signatures to other global regions indicates this is a systemic, enduring challenge to satellite-based navigation.

FlySafe Research continuously monitors GNSS interference through analysis of publicly available NOTAMs, EASA Safety Information Bulletins, ICAO circulars, and open-source intelligence monitoring to provide actionable risk assessments for operational planning.

Analysis based on publicly available data only. FlySafe Research does not possess, access, or utilize any classified or non-public information.

Frequently Asked Questions

What specific NOTAM codes should operators look for regarding Black Sea GNSS interference? Operators should monitor NOTAMs in the relevant FIRs containing the qualifier “GNSS” under the ‘Item Q’ field. Common examples include advisories on “GNSS SIGNAL DEGRADATION POSSIBLE” or “GNSS UNRELIABLE.” Specific series to watch include NOTAMs issued by Turkey (LTAA/LTBB) and those for Ukrainian airspace (UKFV/UKOV). The NOTAM text will specify the geographic bounds and flight levels affected.

What are the concrete procedural steps if spoofing is suspected during flight? The recommended immediate actions are: 1) Disregard the GNSS-derived position for primary navigation. 2) Navigate using the most reliable alternative source (e.g., IRS/VOR/DME/Radar). 3) Cross-verify the position using a second independent method (e.g., DME-DME fix). 4) Inform ATC of the suspected GNSS unreliability using the phraseology “GNSS NAVIGATION DEGRADED.” 5) Review and apply any contingency routes published in the flight plan.

How effective are multi-constellation GNSS receivers against this type of spoofing? While not spoof-proof, multi-constellation receivers (e.g., accessing GPS, Galileo, GLONASS) provide a higher degree of resilience. The spoofing transmitter must replicate the complex signal structures and precise timing of multiple satellite constellations simultaneously, which is a significantly greater technical challenge. A discrepancy in position solution between different constellations within the receiver can itself serve as a spoofing indicator. However, procedural cross-checks remain the primary defense.