- Patrick Duggan
# The GPS Spoofer At Khmeimim Air Base Has Been Affecting Commercial Aviation For Years. Someone Searched Us For It Tonight. We Don't Cover Russian Electronic Warfare. Here's Why That's About To Change.
On May 9 someone hit our search endpoint with the single query Khmeimim against all our indexes. Total results: one — the search-queries log entry of that query itself.
We had to look. Khmeimim Air Base is the Russian air base in western Syria. It is the documented source of a GPS spoofing operation that has been affecting commercial aviation across the eastern Mediterranean for years. The University of Texas at Austin used a GPS receiver onboard the International Space Station to pinpoint the spoofing transmitter at Khmeimim. The spoofing signals are upwards of five hundred times stronger than authentic GNSS for aircraft flying within line of sight — a direct safety threat to civilian aircraft in range.
The system doing the spoofing is the Krasukha-4 electronic warfare platform. A second EW asset, the R-330Zh Zhitel jamming station, is deployed at Aleppo airport. The combined footprint covers the corridor that commercial aviation uses for flights between Europe and the Levant. Israeli commercial aircraft have reported GPS interference attributed to Khmeimim. The interference is not specifically directed at Israel; the Jewish state is collateral damage in Moscow's effort to protect its troops from drone strikes and to assert regional dominance in electronic warfare.
We do not have a post on this. Not on Khmeimim, not on Krasukha-4, not on Russian electronic warfare more generally. The practitioner who searched us got nothing because we have not written it yet.
## Why we don't have Russian EW coverage yet
Honest accounting in three points:
First, Russian electronic warfare is a kinetic-domain threat, and our published lane has been signals-intelligence and supply-chain. The crossover into EW is real — GPS spoofing affects supply-chain logistics, drone defense, and incident response timelines — but we have not done the work to map the EW order of battle the way we have mapped Iranian cyber wings or TeamPCP infrastructure. The EW domain has its own analyst community and we have not earned a seat there yet.
Second, the Iran-Israel kinetic war has dominated our 2026 Iran coverage and we have not connected the dots to the Russian EW assets supporting the Syrian theater. The Khmeimim assets are operationally adjacent to the Iran war — Iran's drone operations, the Israeli air defense response, the regional aviation impact all share airspace with Russian EW interference. We have eight Iran-cyber posts since March; zero Russian-EW posts. That is an editorial gap, not a research gap.
Third, we have written about GPS spoofing tangentially in OPSEC posts but never as a state-actor capability. Our December 2025 piece "OPSEC for the Rest of Us" treated GPS spoofing as a personal-privacy lever. Our threat-intelligence treatment of nation-state EW assets does not exist.
The query that hit our endpoint tonight is the demand signal that says we should fix this.
## What the Khmeimim post would cover
A proper write-up of the Khmeimim EW operation would index three layers.
Layer one: the technical capability. Krasukha-4 is a ground-based broadband jamming and deception system. R-330Zh Zhitel handles cellular and satellite communications jamming with selective targeting. Both have been deployed to Khmeimim and Aleppo since the mid-2010s, with the spoofing capability confirmed publicly by University of Texas research as well as multiple independent reports from civilian aviation crews flying the eastern Mediterranean corridor. The Russian playbook also operates on the Kola Peninsula in the Norwegian Arctic, where Russian EW activity has intensified through 2025, affecting GNSS users in East Finnmark.
Layer two: the operational impact. Commercial aviation affected in the corridor includes flights to Israel, Cyprus, Lebanon, and Greece. The Iran war has put additional pressure on regional GPS reliability: Iranian drone operations and Israeli air defense both rely on GNSS, both have to operate in the Khmeimim-affected zone, and both have presumably developed mitigations we do not have visibility into. The spillover to civilian aviation is the documented collateral damage.
Layer three: the cyber-EW convergence. Russian EW assets historically operate alongside cyber operations targeting the same regional defenders. The 2018 NotPetya attack used Ukrainian accounting software as the distribution vector while GRU EW units operated kinetic ground assets in eastern Ukraine. The same convergence applies in Syria: Russian cyber operators have used GRU-attributed infrastructure to target Western defense and aerospace contractors, and the EW dimension represents the kinetic complement. We do not currently track this convergence in our iocs or adversaries indexes.
## The commitment
The zero-result query tonight is on the record. We will publish a Khmeimim post within the next two weeks that covers the three layers above with proper sourcing and a defender-oriented hunt-tonight section for any organization operating in the affected aviation, logistics, or maritime corridor. The follow-up will index against our existing Iran cyber coverage so the regional-conflict picture is complete from cyber, kinetic, and EW dimensions together.
If you are the practitioner who searched us for Khmeimim on May 9: you found a gap. The gap is now scheduled to close. If you have specific operational context — flight crew reports, GNSS receiver logs, maritime navigation incidents, regional cellular interference patterns — and you want to share, the [email protected] mailbox is read by humans.
If you are an analyst working the Russian EW domain professionally: we would value an introduction. We have the IOC corpus and the publishing cadence; we lack the EW order-of-battle depth. A handshake is appropriate. We are unaffiliated, we do not run a fund, and we do not have anything to sell you.
The receipts tonight are the zero-result query, the missing coverage, and the commitment to fix the gap.
— Patrick Duggan, May 12, 2026
Her name was Renee Nicole Good.
His name was Alex Jeffery Pretti.



