Debris from a Russian hypersonic Kinzhal missile decoyed into an empty field by spoofing
Night Watch
The Kinzhal is one of Russia’s most modern weapons, a hypersonic missile ahead of anything fielded by the U.S. And while Ukraine has had some success downing them with Patriot missiles, recent modifications have helped Kinzhals to evade interceptors. Military officials who spoke to the FT said the intercept rate dropped from about 37 percent in August to about 6 percent in September.
In theory this leaves an open goal for the hypersonic missiles. But instead of hitting their targets, Kinzhals having recently been coming down at Mach 5+ and smashing into empty fields.
Ukraine’s Night Watch unit say their Lima Electronic Warfare systems is sending the Kinzhals astray, using a technique known as spoofing. Like a matador using a cloak to divert a charging bull, Night Watch makes Kinzhals miss by just enough to prevent damage.
“As of now, there are 21 suppressed Kinzhal missiles,” a source from Night Watch told me yesterday, noting that they were waiting for confirmation of two others to add to the score.
Proof Of The Spoof
The Kinzhal hypersonic missile is launched from a specially modified Mikoyan MiG-31K fighter jet
Getty Images
According to the makers, the Kinzhal has a ‘Circular Error Probable’ (CEP) of 10 meters, meaning it should hit within 10 meters of the aim point half of the time.
Ukrainian sources do not post information about where missiles land, but on November 10th a Russian military blogger released satellite images of craters left by recent Kinzhal strikes showing misses by up to 144 meters. If the target is an underground bunker of similar facility, that guarantees a miss, and is obviously much worse than the claimed CEP.
To understand what is happening we need to look at how missile guidance systems work. Intercontinental ballistic missiles with nuclear warheads typically rely on an Inertial Navigation system (INS), a set of accelerometers which track the missiles’ position by calculating how far it has traveled in what direction at what speed. INS starts off very accurate and drifts with time. In the case of the Minuteman III missile, in the half hour it takes to reach a target, its INS develops an error of up to 120 metres. That is not a problem with a 170-kiloton nuclear warhead; when you make a crater 300 meters across you do not require pinpoint accuracy.
Satellite imagery from Russian military blogger. Whatever this Kinzhal was aimed at, it missed.
Russian Telegram
However, the warhead of the Kinzhal is 1,000-pounds of conventional explosive, or about .0005 kilotons. It has INS, but even with a shorter flight time the Kinzhal needs something more to make it accurate enough to hit point targets. That something more is satellite navigation, using Russia’s own GLONASS satellite constellation rather than the American GPS. And unlike INS, which cannot be tampered with, satellite navigation can be confused by external signals.
This vulnerability is confirmed by images provided by Night Watch of a crashed Kinzhal in a field.
The rectangular antenna elements of the multi-element Kometa satallite receiver are visible to the right of this Kinzhal debris
Night Watch
“The missile has fallen without explosion which can be done only by an electronic warfare,” says the Night Watch source.
More importantly, the images show the tell-tale presence of a multi-element Kometa satellite navigation receiver. Similar receivers are found on Shahed drones, and use multiple antenna elements to negate jamming.
Brute Force Jamming Vs Stealthy Spoofing
Jamming is simple enough: broadcast noise on the frequency used by the satellites, drowning out their weak, distant signal. It is countered by multiple elements, technically known as Controlled Reception Pattern Antennas or CPRA, as seen in Kometa. Each element can block out a jamming signal, and the number of antenna elements installed has steadily risen during the war from four to eight to twelve and now 16. This makes it much harder to field enough jammers to prevent navigation (we looked at this topic in more detail here).
Spoofing used to send a naval vessel off course
U.S. Navy
Spoofing is more insidious: instead of blocking out satellite signals, it sends fake data which confuses the receiver into giving the wrong location. Unlike jamming, where the satnav stops working, the victim does not know they are being attacked. Ukraine has been using country-wide system called Pokrova to spoof Shaheds since 2024, but Night Watch’s Lima system appears more advanced.
“We create a wide navigation-denial zone and transmit a specific signal in binary format,” says the Nigh Watch source. “In certain flight modes, this produces severe anomalies in one of the missile’s channels, causing the autopilot to attempt stabilization while effectively ignoring other sensors.”
Spoofing can send civilian GPS way off course. Anyone trying to use satnav near the Kremlin will find they are apparently several miles away due to a spoofing system to block drone attacks. Ships in the Black Sea have reported locations that put them inland at Gelendzhik Airport due to Russian spoofing.
Military systems can detect that the satellite navigation is showing a false reading, but they cannot identify the problem.
“At that moment the navigation loop is essentially ‘blind,’ and there is nothing left to correct the error,” says the Night Watch source.
In such cases they may fall back to less accurate systems like INS. This may prevent the missile straying miles off course, but is not good enough to hit the target.
If the missile does not detect the spoofing, it may be lured far from its intended target, as seen by one missile that was spoofed in the Zhytomyr region.
“[It hit] 200 km from the airfield that was the target of the strike,” said the Night Watch source,
“This is fascinating and does indeed seem legitimate,” Thomas Withington, an electronic warfare expert at the Royal United Services Institute (RUSI), told me.
For their fake signal, Night Watch apparently use a digital version of a patriotic Ukrainian anthem. This is purely for style, as any random data will do.
Cat And Mouse Developments
Russia only produces 10-15 Kinzhals a month, so a high proportion may now be falling to spoofing. The Kinzhals are the most important of the missiles brought down by Night Watch because they are so difficult to stop by other means, but it also drives other missiles off course.
Recovered debris from another Kinzhal lured off course by Nigh Watch’s Lima system
Night Watch
“The affected area is very large, and we influence all missiles flying through it simultaneously,” says the Night Watch source, “Each missile inside the zone ‘assumes’ the signal applies to it and reacts accordingly.”
The system has successfully diverted at least a dozen other missiles in addition to Kinzhals.
Night Watch do not expect that this will be a permanent solution. Electronic warfare is a game of cat and mouse in which every move is followed by a counter move : GPS navigation, followed by jammers, followed by jam-nullifying CRPA, followed by Lima, and so on.
As spoofing becomes an increasing issue, U.S. companies like CMC Electronics are working on technology to detect and mitigate it. The Russians are likely working hard to implement spoof-resistant guidance for the Kinzhal, and it is anyone’s guiess how long that will take.
At present, the Kinzhal, which Putin once described as ‘an ideal weapon’ able to beat all Western defenses, is likely to keep ploughing into farmland, to the sound of a Ukrainian anthem, a cost of many millions of wasted rubles.
Missile developers in other countries may also wish to take note.