Italy has expelled two officials from the Russian Embassy on espionage charges. On July 9, 2026, Italian Deputy Prime Minister and Foreign Minister Antonio Tajani announced that two Russian military attachés—Ivan Gorbachov and Mikhail Astakhov—had been declared persona non grata and ordered to leave the country within three days. Tajani described Moscow’s actions as a form of “hybrid warfare” directed against both Italy and the West. Russia’s Ministry of Foreign Affairs subsequently announced that it would retaliate against the public expulsion of its diplomats.
The decision followed the recent arrest of two former members of the Italian intelligence community accused of passing classified information to Russian diplomats. Italy’s Carabinieri ROS (Special Operations Group) dismantled an espionage network working on behalf of Russia’s Main Directorate of the General Staff (GRU).
The central figure in the case is 59-year-old Gavino Raul Piras, a former senior Italian counterintelligence official with extensive knowledge of Italy’s national security architecture. He was arrested alongside his former colleague, former Carabinieri officer Vincenzo Di Pasquale, while another active-duty military officer remains under investigation. According to prosecutors, the group supplied classified information to Mikhail Astakhov, a GRU intelligence officer operating under diplomatic cover at the Russian Embassy in Rome. Investigators believe that Piras was motivated either by financial gain or by longstanding resentment toward the leadership of Italy’s intelligence services.

The network posed an especially serious threat because its primary objective extended beyond conventional military secrets to include geospatial intelligence. The serving Italian military officer involved in the group had access to confidential events and closed forums organized by Telespazio SpA, the joint venture between Leonardo and Thales and one of the world’s leading providers of satellite services, navigation technologies, and space-based data processing. The espionage ring also collected information during restricted meetings of a major IT company responsible for supporting the digital capabilities of the Italian State Police. Consequently, in addition to intelligence related to the Grifo and Astermissile systems, the GRU sought access to critical space technologies enabling advanced satellite-based observation and geospatial monitoring.
Gavino Raul Piras was particularly well positioned for such activities. He graduated in Political Science and International Relations, writing his thesis on the Russian intelligence services. During the late 1990s, he served in the Second Information and Security Department (II RIS)—the military intelligence branch of the Italian General Staff—where he helped establish its counterintelligence division. He subsequently joined the Italian External Intelligence and Security Agency (AISE) before moving to the Italian Internal Intelligence and Security Agency (AISI), where he headed counterintelligence operations until his dismissal in 2012.

Correspondence dating from June 2023 reportedly revealed that Piras left AISI following a major internal dispute and developed a personal grudge against his superiors after what he considered the wrongful arrest of an innocent intelligence officer. According to Italian media, this resentment eventually led him to cooperate with a hostile foreign power. Operating online under the pseudonym “Kevin,” he published analytical articles and promoted pro-Kremlin and anti-Ukrainian narratives. For example, in late 2025 he actively disseminated Moscow’s claims alleging that Britain’s MI6 was responsible for the sabotage of the Nord Stream pipelines and for the arrest of Ukrainian citizen Serhii Kuznetsov.
Despite Piras’ extensive experience, the Russian intelligence operation ultimately failed. Italian counterintelligence successfully dismantled the espionage network, neutralized the threat to Italy’s geospatial intelligence capabilities, arrested the domestic collaborators, and secured the immediate expulsion of Russian diplomat and alleged GRU officer Mikhail Astakhov.
According to the Italian Prosecutor’s Office and the Carabinieri, the detained Italians collaborated with an official from the Russian Embassy in Rome, supplying classified national security information in exchange for financial compensation. The Italian Internal Intelligence and Security Agency (AISI) concluded that Russian intelligence services had recruited former Italian intelligence personnel to obtain sensitive information concerning Italy’s defense industry. The suspects are also accused of revealing the identities of active Italian counterintelligence officers, thereby compromising ongoing intelligence operations.
Analytical Assessment
As Russia continues its aggressive hybrid campaign against Western democracies, it increasingly employs its diplomatic presence abroad as a platform for intelligence collection targeting critical military, technological, and defense-related information. Such activities represent a direct threat to the national security of the Italian Republic and to its NATO allies.
The arrest of two former Italian intelligence officers demonstrates the depth of Russian intelligence penetration into Italy’s security sector. The suspects allegedly transferred sensitive information concerning NATO satellite surveillance and space-based geospatial intelligence to Russian intelligence services. This indicates that Russia is conducting a sustained and systematic intelligence and subversive campaign inside Italy while seeking to expand its influence across key sectors of the country’s national security infrastructure.
The classified defense information obtained through espionage operations in Italy is likely intended to support broader Russian hybrid influence operations directed against NATO member states, including Italy itself. Access to advanced geospatial intelligence, satellite technologies, and defense-industrial information could enhance Russia’s military planning, intelligence collection, cyber operations, and strategic targeting capabilities while simultaneously undermining NATO’s technological advantage and operational security.
Based on publicly available information, court records, and official Italian government announcements, only a small number of Russian diplomats have been publicly identified by name as alleged GRU officers or as intelligence officers working under diplomatic cover who were expelled from Italy since 2014. Intelligence services rarely disclose the true affiliation of expelled diplomats, so many expulsions involve unnamed officers. The following list includes those whose identities have been publicly confirmed or widely reported.
| Year | Name | Official diplomatic position | Assessed intelligence affiliation | Reason for expulsion |
| 2021 | Alexey Nemudrov | Naval and Air Attaché, Russian Embassy in Rome | Widely assessed as GRU military intelligence officer | Expelled following the arrest of Italian Navy Captain Walter Biot for transferring NATO classified documents. |
| 2021 | Dmitri Ostroukhov | Embassy official (Military Attaché Office) | Believed to have supported GRU activities | Expelled together with Nemudrov during the Walter Biot espionage case. |
| 2026 | Mikhail Vasilyevich Astakhov | Military Attaché, Russian Embassy | Identified by Italian investigators as a GRU officer operating under diplomatic cover | Expelled after being identified as the handler of former Italian intelligence officers Gavino Raul Piras and Vincenzo Di Pasquale in a long-running espionage network targeting NATO and Italian defense secrets. |
| 2026 | Ivan Petrovich Gorbachev | Military Attaché, Russian Embassy | Italian authorities accused him of participating in Russian military intelligence activities | Expelled alongside Astakhov after Rome prosecutors uncovered the GRU espionage operation. |
Additional Russian diplomatic expulsions
Several publicly documented cases strongly indicate Russian interest in technologies that underpin U.S. GEOINT capabilities.
| Year | Russian officer | Cover | Service | GEOINT-related target | Outcome |
| 2015 | Igor Sporyshev | Trade Representative, Russian Mission in New York | SVR | Attempted recruitment of sources in energy, finance and high technology, including aerospace-related sectors supporting national security | Diplomatic immunity; departed U.S. after investigation |
| 2015 | Victor Podobnyy | Attaché, Russian Mission to the UN | SVR | Recruitment of engineers and students with access to advanced technologies, including aerospace and satellite-related expertise | Left U.S. under diplomatic immunity before charges |
| 2022 | 12 unnamed Russian diplomats | Russian Mission to the UN | Assessed intelligence officers (SVR/GRU) | Espionage activities against U.S. national security; specific targets were not disclosed publicly | Expelled from the United States |
Related U.S. cases involving satellite and GEOINT technology
These cases did not involve Russian diplomats, but they illustrate Russian intelligence priorities in areas closely linked to GEOINT.
Gregory Allen Justice (2016)
- U.S. satellite systems engineer.
- Attempted to sell classified satellite technology to a person he believed was a Russian intelligence officer (actually an undercover FBI agent).
- The information involved:
- military satellite testing;
- satellite firmware;
- anti-jamming technologies;
- communications, navigation and Earth-observation satellite systems.
Evgeny Buryakov Spy Ring (2015)
Although primarily focused on economic intelligence, the FBI investigation showed that Russian intelligence officers sought to recruit individuals with access to advanced technologies and U.S. strategic industries, including sectors supporting aerospace and defense innovation.
Why there are few publicly identified GEOINT cases in the United States
There are several reasons: The U.S. typically classifies GEOINT-related counterintelligence investigations because they often involve the National Geospatial-Intelligence Agency, National Reconnaissance Office, satellite reconnaissance programs, and highly classified collection capabilities. When Russian diplomats are expelled, the government usually cites “activities inconsistent with diplomatic status” or “espionage” without revealing operational targets. Investigations involving satellite reconnaissance and space systems frequently remain sealed to protect intelligence sources and methods.
Open-source evidence indicates that Russian intelligence has consistently sought access to U.S. satellite, aerospace, and space technologies, but there is no publicly confirmed U.S. case equivalent to Italy’s 2026 Piras–Astakhov investigation, where prosecutors explicitly alleged that a Russian diplomat under diplomatic cover was collecting NATO geospatial intelligence.
Instead, U.S. counterintelligence cases suggest a broader Russian strategy focused on acquiring enabling technologies for GEOINT—such as satellite engineering, remote sensing, navigation, anti-jamming systems, and advanced aerospace research—rather than publicly acknowledged theft of finished geospatial intelligence products. Much of the evidence relating to any direct targeting of U.S. GEOINT organizations is likely to remain classified.
Although not all individuals were publicly identified:
- April 2022: Italy expelled 30 Russian diplomats as part of the coordinated European response following the Bucha atrocities. The Italian government stated that many were expelled because they posed a threat to national security and were suspected intelligence officers operating under diplomatic cover. Their identities were not officially released.
Notable GRU-related espionage cases in Italy
Several major counterintelligence investigations illustrate the broader GRU presence in Italy:
- Walter Biot case (2021): Italian Navy Captain Walter Biot was caught transferring NATO Secret documents to Russian embassy personnel for cash. The case resulted in the expulsion of Nemudrov and Ostroukhov and remains one of the most significant Russian espionage cases uncovered within NATO in recent years.
- Piras–Astakhov network (2026): Italian investigators concluded that the network sought intelligence on:
- NATO satellite and geospatial intelligence;
- Italian missile programs (including Aster and Grifo);
- European defense industrial capabilities;
- Italian and allied intelligence personnel;
- Ukraine-related military assistance and NATO planning.
Open-source evidence suggests that the Russian Embassy in Rome has served as one of the GRU’s principal intelligence platforms in Southern Europe. The known expulsions reveal a consistent focus on: NATO military planning; aerospace and satellite technologies; Italy’s defense industry (particularly Leonardo S.p.A. and Telespazio);counterintelligence personnel; defense procurement and military assistance to Ukraine.
The relatively small number of publicly identified diplomats should not be interpreted as reflecting the full size of the Russian intelligence presence. Italian authorities generally do not disclose the identities of most intelligence officers expelled under diplomatic cover, and many suspected GRU, SVR, and FSB officers have likely left Italy without public attribution during broader diplomatic reductions.
Russian intelligence requirements in geospatial intelligence (GEOINT) are driven by military planning, precision targeting, hybrid operations, and strategic competition with NATO. Based on documented Russian espionage cases in Italy, the Walter Biot affair, the Piras–Astakhov network, Russian military doctrine, and observed operational behavior in Ukraine, the following Key Intelligence Questions (KIQs) are likely among the highest priorities: What are the precise geospatial coordinates of NATO command-and-control facilities? Which air bases, naval installations, logistics hubs, and ammunition depots are most critical to NATO reinforcement plans? How are new NATO facilities in Southern and Eastern Europe being expanded? Which facilities have limited physical protection or air-defense coverage?
Satellite and Space Capabilities
- Which European satellites provide military-grade imagery for NATO operations?
- What are the revisit rates, resolution, and tasking capabilities of European Earth-observation satellites? How are commercial satellite constellations integrated into NATO intelligence architecture? What vulnerabilities exist in European satellite ground stations? Which transport corridors would NATO use to reinforce its eastern flank? Which bridges, tunnels, rail junctions, ports, and airports represent critical bottlenecks? What infrastructure improvements are underway to support rapid troop movement?
Missile Targeting: Which fixed military facilities would be prioritized during the opening phase of a conflict? What are the precise coordinates of Patriot, SAMP/T, Aegis Ashore, and other air-defense systems? Where are missile stockpiles, fuel depots, and maintenance facilities located? How can geospatial data improve targeting accuracy for long-range precision weapons?
Defense Industrial Base: Where are production lines for missiles, drones, satellites, and electronic warfare systems located? Which facilities manufacture critical components that could become strategic targets? How are supply chains geographically distributed?
Critical Infrastructure: Which electricity substations support military installations? What are the locations of fiber-optic hubs, satellite communication nodes, and data centers? Which LNG terminals, ports, and energy facilities are essential to NATO operations?
Maritime Domain Awareness: What is the geospatial layout of ports supporting NATO naval deployments? Which subsea cables and pipelines constitute strategic chokepoints? What infrastructure supports unmanned maritime systems?
Space-Based ISR Architecture: How are Italian, French, German, and EU satellite systems fused into NATO ISR?Which software platforms integrate satellite imagery with other intelligence sources? Which commercial providers support military operations?
Air Defense Mapping: What are the exact deployment locations of radar systems? Where are sensor coverage gaps?How frequently do mobile air-defense units relocate?
NATO Exercises: What temporary infrastructure is established during major exercise Which deployment patterns indicate actual contingency planning rather than training? Which units operate from previously unused locations?
Ukraine Support: Which logistics hubs process military aid destined for Ukraine? Where are equipment maintenance and refurbishment facilities located? Which rail and road corridors are most heavily used?
Emerging Technologies: Which companies are developing AI-enabled geospatial analytics? Which institutions work on hyperspectral imaging, synthetic aperture radar (SAR), and automated target recognition? How are dual-use commercial technologies incorporated into military applications?
Intelligence Requirements Suggested by the Italian Cases
The Walter Biot (2021) and Piras–Astakhov (2026) investigations indicate that Russian intelligence was particularly interested in: Telespazio’s satellite infrastructure; NATO geospatial databases; European space surveillance capabilities; Digital mapping of defense infrastructure; Missile targeting data; Military GIS systems; Personnel with access to geospatial intelligence; Counterintelligence methods protecting space-related programs.
This suggests that Russia’s objective extends beyond collecting individual documents. It seeks to understand how NATO generates, processes, and exploits geospatial intelligence throughout the targeting cycle.
Russia’s interest in geospatial intelligence has grown substantially since the full-scale invasion of Ukraine in 2022. The war has highlighted the decisive role of satellite imagery, commercial Earth observation, digital terrain modeling, and real-time geospatial analytics in modern warfare. Russian intelligence therefore seeks not only to acquire geospatial data, but also to penetrate the institutional and technological ecosystems that produce it.
The Italian espionage cases illustrate this evolution. Rather than focusing exclusively on traditional military secrets, Russian intelligence targeted organizations involved in satellite services, space data processing, navigation, and geospatial analytics. Such information can support military planning, improve precision targeting, enable hybrid operations against critical infrastructure, and help identify vulnerabilities in NATO’s command, logistics, and defense-industrial networks. From an intelligence perspective, compromising the geospatial ecosystem offers a multiplier effect, providing insights across multiple operational domains rather than a single military capability.
How Europe Can Counter Russian Attempts to Steal GEOINT Secrets
Europe should treat Russian collection against geospatial intelligence not as isolated espionage, but as a coordinated campaign targeting the entire GEOINT production chain: satellites, ground stations, defence companies, databases, analysts, contractors, software suppliers and officials with privileged access.
The EU already recognises space systems as critical infrastructure and proposes extending its space-threat response mechanism beyond Galileo to other European space assets. ENISA has also identified threats across the complete satellite lifecycle, including development, ground operations, communications links and decommissioning.
Create a European GEOINT counterintelligence mechanism. Europe needs a permanent counterintelligence structure focused specifically on space and GEOINT. It could operate through cooperation among national security services, the EU Intelligence and Situation Centre, the EU Satellite Centre, ESA, the European Defence Agency and NATO.
Its principal functions should be to: maintain a shared watchlist of suspected Russian intelligence officers, intermediaries and front companies; compare recruitment approaches reported in different countries; identify diplomats repeatedly seeking contacts in the aerospace and satellite sectors; circulate indicators of GRU and SVR targeting; coordinate responses before suspected officers can relocate between European capitals.
The principal weakness in the current system is fragmentation: one state may identify suspicious activity without immediately knowing that the same individual or company has approached targets elsewhere.
Reduce intelligence personnel operating under diplomatic cover
Military attaché offices are legitimate diplomatic institutions, but Russia has repeatedly used diplomatic status to protect intelligence officers from arrest.
European governments should therefore: impose tighter ceilings on Russian diplomatic and technical personnel; require clearer accreditation of military attaché staff; restrict access by Russian diplomats to defence exhibitions, satellite facilities and sensitive research events; coordinate expulsions so intelligence officers removed from one country cannot simply be posted to another EU state; publish names and known aliases when disclosure would not compromise an investigation.
Expulsion alone is insufficient. It disrupts an individual operation but does not dismantle the wider recruitment, financing and communications network.
Apply continuous vetting to former and serving intelligence personnel
The Italian case illustrates the particular danger posed by insiders with institutional knowledge, personal grievances, financial problems or continued access through former colleagues.
Security vetting should not end when an employee receives clearance. Personnel with access to military GEOINT should undergo proportionate, legally supervised reassessment covering:
- unexplained financial changes; persistent attempts to retain access beyond professional need; unauthorised contact with foreign officials; abnormal downloading or database-search patterns;
- undisclosed consultancy or academic work; signs of coercion, resentment or hostile-insider behaviour.
Former intelligence officers also require carefully designed post-employment controls. These could include mandatory reporting of contacts with officials from designated hostile states and restrictions on consulting for foreign-controlled entities in strategically sensitive sectors.
Such measures should be subject to judicial oversight and data-protection rules so that counterintelligence does not become indiscriminate surveillance.
Replace broad access with compartmentalisation
The greatest potential damage arises when one insider can access complete datasets combining satellite imagery, target coordinates, collection schedules, technical specifications and operational assessments.
Europe should enforce strict need-to-know compartmentalisation: imagery should be separated from source-identifying metadata; satellite tasking schedules should be stored separately from finished products; civilian, commercial and military datasets should have different access domains; staff should access only the geographic areas, missions and resolution levels required for their work; downloading large datasets should require additional authorisation; sensitive information should carry persistent digital identifiers.
A compromised employee should obtain only a fragment of the system, not a comprehensive picture of European collection capabilities.
Monitor the use of GEOINT systems, not only access to them
Traditional security systems often record whether a user entered a database. More effective counterintelligence examines how the user behaved after entering it.
Security teams should look for anomalies such as: repeated searches unrelated to assigned duties; interest in satellite ground stations or collection gaps; bulk downloads before travel or retirement; searches for NATO air-defence positions across multiple countries; attempts to access raw imagery when only finished assessments are needed; unusual use of removable media or printing; aggregation of individually unclassified datasets into a sensitive operational picture.
Automated detection can help identify anomalies, but decisions about investigations should remain under human and legal supervision.
Protect satellite tasking and collection metadata
Raw satellite images are only one part of GEOINT. In some circumstances, metadata may be more valuable because it reveals: which targets Europe considers important; how frequently satellites revisit them; the latency between collection and dissemination; sensor resolution and operating modes; weather and orbital limitations; blind spots in European coverage; which customers requested particular imagery.
Access to this information could allow Russia to anticipate observation windows, conceal military activity, use decoys or schedule movements between satellite passes.
Tasking data should therefore receive protection comparable to classified operational plans.
Strengthen cybersecurity across the entire space supply chain
European satellite security depends on much more than spacecraft. The attack surface includes user terminals, gateways, ground stations, telemetry systems, cloud infrastructure, software developers and maintenance contractors. ENISA specifically highlights threats affecting commercial satellites throughout their lifecycle and notes risks to control, ground and communications segments.
Ground infrastructure is often easier to penetrate than a satellite itself and may provide access to the same intelligence.
Extend security requirements to commercial providers
Screen investment, partnerships and research collaboration
Russian intelligence does not need to recruit a government official if it can gain indirect access through a supplier, research partnership, consultant or acquired company.
Investment screening should therefore focus on firms involved in: synthetic-aperture radar; hyperspectral sensing;satellite navigation; automated target recognition; geospatial artificial intelligence; secure cloud processing; satellite propulsion and control; high-resolution optical components; ground-station software.
Russia benefits when each espionage incident is treated as a bilateral dispute. Europe should develop graded collective responses based on the seriousness of the operation.
Possible measures include: confidential diplomatic warning; withdrawal of facility access; coordinated counterintelligence investigation; expulsion of identified officers; reduction of embassy staffing; sanctions on handlers and front entities; criminal prosecution of non-diplomatic participants; coordinated public attribution by several governments.
The EU Space Strategy for Security and Defence calls for stronger resilience, protection and response arrangements for European space systems.
Expand cooperation with NATO and Ukraine
Ukraine possesses extensive practical experience in identifying Russian targeting requirements, satellite-related deception, cyber intrusion and efforts to collect information on military logistics.
Structured exchanges should cover:
- Russian GEOINT collection priorities;
- known intelligence officers and technical intermediaries;
- indicators of targeting against satellite companies;
- methods used to map air-defence and logistics infrastructure;
- Russian use of commercial imagery;
- concealment and deception methods observed in wartime.
European institutions should combine this operational experience with NATO’s joint intelligence, surveillance and reconnaissance structure and the technical expertise of ESA, EDA and national space agencies.
Europe cannot fully prevent Russian intelligence from attempting to acquire GEOINT secrets. It can, however, make operations more expensive, slower and less productive.
The decisive shift should be from protecting individual classified documents to protecting the entire geospatial intelligence ecosystem. Russia is likely to target whichever component is least protected: a dissatisfied former officer, a commercial subcontractor, a conference participant, a cloud administrator or a small technology supplier. European security will therefore depend on integrating counterintelligence, cybersecurity, personnel security, industrial protection and alliance-wide information sharing into a single defensive architecture.
Europe’s priority should be to protect the people and systems that produce GEOINT, not merely the finished intelligence reports.
The Russian approach is likely to target the weakest link: disgruntled former officials, military attaché contacts, commercial satellite firms, subcontractors, cloud administrators, research partnerships and poorly monitored database users. Expelling diplomats is necessary, but it only removes individual handlers and rarely dismantles the wider network.
Therefore, the central European objective should be to prevent Russia from reconstructing NATO’s complete GEOINT cycle—from satellite tasking and collection to analysis, targeting and operational dissemination. Even partial Russian access to this cycle could help Moscow conceal troop movements, avoid observation windows, identify critical infrastructure and improve precision-strike planning.
Cases involving space and satellite technology (non-diplomatic cover)
Although these officers were not serving under diplomatic cover, they demonstrate Russia’s strong interest in acquiring technologies that underpin GEOINT.
Netherlands (2022)
Sergey Cherkasov (illegal GRU officer)
Cover:
- Brazilian graduate student
- Applied for internship at the International Criminal Court
Known intelligence priorities included: NATO institutions; European security organizations; Potential access to satellite imagery exploitation; International investigations using geospatial evidence.
He was arrested before entering the Netherlands.
Netherlands (2020)
Russian intelligence attempted to obtain: satellite technologies, nanotechnology,AI, advanced sensors from Dutch high-tech firms supporting European aerospace programs.
Dutch authorities expelled Russian intelligence officers and disrupted the operation.
Likely Russian GEOINT Collection Priorities
Analysis of these investigations suggests Russian intelligence consistently seeks information on: NATO satellite constellations, Earth-observation systems, military GIS databases, digital terrain models, missile target libraries, satellite tasking procedures, geospatial software, SAR imagery, satellite communications, AI-assisted imagery analysis, critical infrastructure mapping, logistics routes, underground facilities, space-based ISR integration.
Intelligence Assessment
The Italian Piras–Astakhov case appears to be the first publicly documented NATO espionage investigation in which prosecutors explicitly identified Russian intelligence as targeting the Alliance’s geospatial intelligence ecosystem rather than merely conventional military secrets. The investigation indicates that the GRU sought access not only to classified defense information but also to the infrastructure that enables NATO’s GEOINT enterprise, including satellite services, geospatial databases, space-based analytics, and commercial providers such as Telespazio.
This reflects a broader evolution in Russian intelligence priorities. Rather than concentrating solely on operational plans or weapons specifications, Russian services increasingly seek to understand how NATO collects, processes, fuses, and exploits geospatial information. Such knowledge can improve Russian targeting, enhance deception and concealment, identify surveillance gaps, and support hybrid operations against NATO’s critical infrastructure and space-enabled command-and-control systems. This trend is particularly significant as NATO expands the role of GEOINT and space-based ISR in its deterrence posture.
Russia’s strong interest in Western GEOINT probably reflects identifiable weaknesses in its own space-reconnaissance ecosystem. It does not mean that Russia lacks capable geospatial intelligence altogether.
Russia still operates military satellites for optical reconnaissance, signals intelligence and missile warning. It also possesses mature electronic-warfare, cyber, imagery-analysis and counterspace capabilities. The problem is that its system appears smaller, less resilient and less commercially scalable than the combined U.S.–NATO architecture. The U.S. Space Force assesses that Russia retains advanced ISR satellites but increasingly supplements them with civilian and foreign commercial providers.
What Russian espionage interest probably reveals
Insufficient satellite numbers and revisit frequency. A limited constellation cannot observe every priority target frequently enough. Modern military GEOINT requires repeated coverage to detect movement rather than merely photograph fixed facilities.
Russia may therefore seek Western information about: satellite orbits and tasking schedules; sensor coverage and revisit rates; NATO imagery archives; eal-time or near-real-time battlefield products; areas where Western satellites provide persistent surveillance.
A recent U.S. Space Force assessment described Russia’s space capabilities as declining relative to the United States and China, noting that Russia operated about 160 satellites in 2023—fewer than some individual commercial constellations.
Gaps in high-resolution and all-weather imaging. Optical satellites are constrained by clouds, smoke, darkness and camouflage. Synthetic-aperture radar satellites can observe at night and through poor weather, but advanced SAR constellations and processing systems are costly and technically demanding.
Russian intelligence interest in European space companies could indicate a need to understand or obtain: high-resolution optical sensors; SAR technologies; hyperspectral imaging; infrared detection; advanced radar components; image-enhancement and change-detection software.
The likely weakness is not necessarily the absence of these technologies, but their availability in sufficient numbers and at operational speed.
.
Russia has repeatedly demonstrated the ability to conduct reconnaissance and precision strikes. However, its interest in NATO systems may reflect concern that its own chain is slower, more centralized or less integrated than Western systems.
Western services increasingly combine government satellites, commercial imagery, airborne sensors, open-source data and artificial intelligence. Russia may seek intelligence on this architecture because NATO’s advantage lies in the fusion process, not just in satellite hardware.
The war in Ukraine demonstrated the value of large commercial constellations that can replace losses, increase revisit rates and rapidly distribute imagery to military users.
Russian intelligence interest in Western GEOINT is a strong indicator of capability gaps, particularly in constellation scale, high-frequency coverage, commercial supplementation, rapid data processing and advanced industrial components.The Kremlin is likely trying both to improve its own GEOINT system and reduce NATO’s advantage. That combination explains why Russian services target not only satellite imagery, but also personnel, technical specifications, tasking metadata, algorithms, ground infrastructure and the companies that connect space-based collection to military decision-making.
