REC-0001 |
Gather Spacecraft Design Information |
Threat actors may gather information about the victim SV's design that can be used for future campaigns or to help perpetuate other techniques. Information about the SV can include software, firmware, encryption type, purpose, as well as various makes and models of subsystems. |
|
REC-0001.09 |
Fault Management |
Threat actors may gather information about any fault management that may be present on the victim SV. This information can help threat actors construct specific attacks that may put the SV into a fault condition and potentially a more vulnerable state depending on the fault response. |
REC-0004 |
Gather Launch Information |
Threat actors may gather the launch date and time, location of the launch (country & specific site), organizations involved, launch vehicle, etc. This information can provide insight into protocols, regulations, and provide further targets for the threat actor, including specific vulnerabilities with the launch vehicle itself. |
|
REC-0004.01 |
Flight Termination |
Threat actors may obtain information regarding the vehicle's flight termination system. Threat actors may use this information to perform later attacks and target the vehicle's termination system to have the desired impact on the mission. |
REC-0007 |
Monitor for Safe-Mode Indicators |
Threat actors may gather information regarding safe-mode indicators on the victim SV. Safe-mode is when all non-essential systems are shut down and only essential functions within the SV are active. During this mode, several commands are available to be processed that are not normally processed. Further, many protections may be disabled at this time. |
IA-0010 |
Exploit Reduced Protections During Safe-Mode |
Threat actors may take advantage of the victim SV being in safe mode and send malicious commands that may not otherwise be processed. Safe-mode is when all non-essential systems are shut down and only essential functions within the SV are active. During this mode, several commands are available to be processed that are not normally processed. Further, many protections may be disabled at this time. |
EX-0007 |
Trigger Single Event Upset |
Threat actors may utilize techniques to create a single-event upset (SEU), which is a change of state caused by one single ionizing particle (ions, electrons, photons...) striking a sensitive node in an SV (i.e., microprocessor, semiconductor memory, or power transistors). The state change is a result of the free charge created by ionization in or close to an important node of a logic element (e.g. memory "bit"). This can cause unstable conditions on the SV depending on which component experiences the SEU. SEU is a known phenomenon for SVs due to high radiation in space, but threat actors may attempt to utilize items like microwaves to create an SEU. |
EX-0013 |
Flooding |
Threat actors use jamming and flooding attacks to disrupt communications by injecting unexpected noise or messages into a transmission channel. There are several types of attacks that are consistent with this method of exploitation, and they can produce various outcomes, although the most prominent of the impacts are denial of service or data corruption. Several elements of the space vehicle may be targeted by jamming and flooding attacks, and depending on the time of the attack, it can have devastating results to the availability of the system. |
|
EX-0013.02 |
Erroneous Data |
Threat actors inject noise into the target channel so that legitimate messages cannot be correctly processed due to data integrity impacts. Additionally, while this technique does not utilize valid commands, the target SV still must consume computing resources to process and discard the signal. |
|
EX-0013.01 |
Valid Commands |
Threat actors may utilize valid commanding as a mechanism for flooding as the processing of these valid commands could expend valuable resources like processing power and battery usage. Flooding the spacecraft bus, sub-systems or link layer with valid commands can create temporary denial of service conditions for the space vehicle while the SV is consumed with processing these valid commands. |
EX-0006 |
Disable/Bypass Encryption |
Threat actors may perform specific techniques in order to bypass or disable the encryption mechanism onboard the victim SV. By bypassing or disabling this particular mechanism, further tactics can be performed, such as Exfiltration, that may not have been possible with the internal encryption process in place. |
EX-0011 |
Exploit Reduced Protections During Safe-Mode |
Threat actors may take advantage of the victim SV being in safe mode and send malicious commands that may not otherwise be processed. Safe-mode is when all non-essential systems are shut down and only essential functions within the SV are active. During this mode, several commands are available to be processed that are not normally processed. Further, many protections may be disabled at this time. |
DE-0001 |
Disable Fault Management |
Threat actors may disable fault management within the victim SV during the attack campaign. During the development process, many fault management mechanisms are added to the various parts of the SV in order to protect it from a variety of bad/corrupted commands, invalid sensor data, and more. By disabling these mechanisms, threat actors may be able to have commands processed that would not normally be allowed. |
DE-0005 |
Exploit Reduced Protections During Safe-Mode |
Threat actors may take advantage of the victim SV being in safe mode and send malicious commands that may not otherwise be processed. Safe-mode is when all non-essential systems are shut down and only essential functions within the SV are active. During this mode, several commands are available to be processed that are not normally processed. Further, many protections (i.e. security features) may be disabled at this time, which would ensure the threat actor achieves evasion. |
IMP-0001 |
Deception (or Misdirection) |
Threat actors may seek to deceive mission stakeholders (or even military decision makers) for a multitude of reasons. Telemetry values could be modified, attacks could be designed to intentionally mimic another threat actor's TTPs, and even allied ground infrastructure could be compromised and used as the source of communications to the SV. |
IMP-0002 |
Disruption |
Threat actors may seek to disrupt communications from the victim SV to the ground controllers or other interested parties. By disrupting communications during critical times, there is the potential impact of data being lost or critical actions not being performed. This could cause the SV's purpose to be put into jeopardy depending on what communications were lost during the disruption. This behavior is different than Denial as this attack can also attempt to modify the data and messages as they are passed as a way to disrupt communications. |
IMP-0003 |
Denial |
Threat actors may seek to deny ground controllers and other interested parties access to the victim SV. This would be done by exhausting system resources, degrading subsystems, or blocking communications entirely. This behavior is different from Disruption as this seeks to deny communications entirely, rather than stop them for a length of time. |
IMP-0004 |
Degradation |
Threat actors may target various subsystems or the hosted payload in such a way as to rapidly increase its degradation. This could potentially shorten the lifespan of the victim SV. |