Technical Update - GNSS Spoofing Attacks in Ukraine

17 September 2025

Overview

Users of GNSS receivers operating in certain regions of Ukraine are experiencing the effects of suspected spoofing attacks. Spoofing attacks of this nature can have a wide-ranging impact on the performance of GNSS receivers. This document provides a summary of technical updates on these suspected spoofing attacks, including symptoms such as loss of satellite tracking and invalid TerraStar subscriptions, as well as suggested mitigation steps.

Issue Diagnosis

Users of NovAtel OEM7 GNSS receivers operating in Ukraine are seeing that the GPS reference/base week number is being reported incorrectly to a date in the future after these suspected spoofing attacks.

The GPS base week can be seen in the header of a NovAtel receiver log. For example, the BESTPOS log, as illustrated below, has this available in field 7 of the log header:

<BESTPOS ICOM1 0 60.5 FINESTEERING 2384 397429.000 12000020 cdba 17139 < SOL_COMPUTED SINGLE 57.20141174119 -2.19225115672 63.3885 50.4000 WGS84 0.2957 0.2700 0.4452 "" 0.000 0.000 45 45 45 42 00 86 3f 37

The base week as of 11th September 2025 should be “2383”. If a future GPS week is seen in this field, as in this example, it is highly likely the receiver has been affected by a spoofing attack.

The correct GPS base week for any given day can be found on the GPS Calendar webpage provided by the National Geodetic Survey: https://geodesy.noaa.gov/CORS/resources/gpscals.shtml

Other symptoms of this issue include:

Receiver does not track any satellites, despite being powered on under open-sky conditions.
Active TerraStar subscriptions are displayed as ‘expired’. TerraStar subscription expiry dates are verified by the receiver against the GPS base week; therefore, users may also see subscriptions being incorrectly shown as ‘expired’, when in fact they are still valid.

Mitigation

The OEM7 receiver will not recover from this incorrect GPS week through a power cycle/reset. To recover the OEM7 receiver to the correct GPS base week the following command may be issued to the receiver:

FRESET BASE_WEEK

Notes:

After sending this command, the receiver will reboot and actively search for and download the latest satellite almanac information. If valid and correct almanac data is found, the receiver will compute the correct GPS date and time. It is important to note that if the receiver is restarted in the same location while the spoofing attack is ongoing, the issue is likely to persist.
This command will not remove other configuration settings; however, it is recommended to have the desired configuration script available for the receiver before initiating the reset.
Any TerraStar subscriptions active on the receiver will need to be re-activated via the user desired activation method (L-band or IP delivery). Users can use the latest NovAtel Application Suite software to connect to the receiver and initiate a subscription resend in the Subscription Information tile.

Hexagon is actively investigating a long-term resolution for this GPS base week issue and will provide a further update once a resolution becomes available.

Questions

For any questions, please reach out to your Sales representative or to Customer support.

Connect with an expert from our support team

Contact Support

Questions? Contact our sales team

Contact Sales
Find Dealer

Hexagon's Divisions

Explore Hexagon

AGRICULTURE

ASSET LIFECYCLE INTELLIGENCE

AUTONOMY & POSITIONING

GEOSYSTEMS

MANUFACTURING INTELLIGENCE

MINING

Safety, INFRASTRUCTURE & GEOSPATIAL

XALT SOLUTIONS

Explore All

Explore Hexagon

OUR STORY

SOLUTIONS

SUSTAINABILITY

Bulletins, Alerts & Release Notices