Obtain Capabilities: Exploit/Payload

Threat actors may buy, steal, or download exploits and payloads that can be used for future campaigns or to perpetuate other techniques. An exploit/payload takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on the victim spacecraft's hardware, software, and/or subsystems. Rather than develop their own, threat actors may find/modify exploits from online or purchase them from exploit vendors.

ID: RD-0003.01
Sub-technique of:  RD-0003
Related Aerospace Threat IDs: 
Related MITRE ATT&CK TTPs:  T1588 | T1588.005
Created: 2022/10/19
Last Modified: 2022/12/08

Countermeasures

ID Name Description NIST Rev5
CM0009 Threat Intelligence Program A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities and mitigate risk. Leverage all-source intelligence services or commercial satellite imagery to identify and track adversary infrastructure development/acquisition. Countermeasures for this attack fall outside the scope of the mission in the majority of cases. PM-16 PM-16(1) PM-16(1) RA-10 RA-3(2) RA-3(3) SR-8

References

  • ViaSat, Inc., KA-SAT Network cyber attack overview, https://news.viasat.com/blog/corporate/ka-sat-network-cyber-attack-overview, 2022, Retrieved October 27, 2022.
  • Santamarta, R., VIASAT incident: from speculation to technical details, https://www.reversemode.com/2022/03/viasat-incident-from-speculation-to.html, 2022, Retrieved October 27, 2022.
  • Boschetti, Nicolò et. al.:Space Cybersecurity Lessons Learned from The ViaSat Cyberattack Url: https://www.researchgate.net/publication/363558808 October 2022, Retrieved October 27, 2022.
  • Guerrero-Saade, J. A., AcidRain
  • A Modem Wiper Rains Down on Europe, https://www.sentinelone.com/labs/acidrain-amodem- wiper-rains-down-on-europe/ , 2022, Retrieved October 27, 2022.