TECHNIQUES

SPARTA

Reconnaissance

Gather Spacecraft Design Information

Software

Firmware

Cryptographic Algorithms

Data Bus

Thermal Control System

Maneuver & Control

Payload

Power

Fault Management

Gather Spacecraft Descriptors

Identifiers

Organization

Operations

Gather Spacecraft Communications Information

Communications Equipment

Commanding Details

Gather Launch Information

Flight Termination

Eavesdropping

Uplink Intercept

Downlink Intercept

Proximity Operations

Gather FSW Development Information

Development Environment

Security Testing Tools

Monitor for Safe-Mode Indicators

Gather Supply Chain Information

Hardware

Software

Known Vulnerabilities

Gather Mission Information

Resource Development

Acquire Infrastructure

Ground Station Equipment

Commercial Ground Station Services

Spacecraft

Compromise Infrastructure

Mission-Operated Ground System

3rd Party Ground System

3rd-Party Spacecraft

Obtain Capabilities

Exploit/Payload

Cryptographic Keys

Stage Capabilities

Identify/Select Delivery Mechanism

Upload Exploit/Payload

Initial Access

Compromise Supply Chain

Software Dependencies & Development Tools

Software Supply Chain

Hardware Supply Chain

Compromise Software Defined Radio

Crosslink via Compromised Neighbor

Secondary/Backup Communication Channel

Ground Station

Receiver

Rendezvous & Proximity Operations

Compromise Emanations

Docked Vehicle / OSAM

Proximity Grappling

Compromise Hosted Payload

Compromise Ground Station

Compromise On-Orbit Update

Malicious Commanding via Valid GS

Rogue External Entity

Rogue Ground Station

Rogue Spacecraft

Trusted Relationship

Mission Collaborator (academia, international, etc.)

Vendor

User Segment

Exploit Reduced Protections During Safe-Mode

Auxiliary Device Compromise

Assembly, Test, and Launch Operation Compromise

Execution

Position, Navigation, and Timing (PNT) Geofencing

Trigger Single Event Upset

Replay

Command Packets

Bus Traffic

Flooding

Erroneous Data

Valid Commands

Modify Authentication Process

Compromise Boot Memory

Exploit Hardware/Firmware Corruption

Design Flaws

Malicious Use of Hardware Commands

Disable/Bypass Encryption

Time Synchronized Execution

Absolute Time Sequences

Relative Time Sequences

Exploit Code Flaws

Flight Software

Operating System

Known Vulnerability (COTS/FOSS)

Inject Malicious Code

Exploit Reduced Protections During Safe-Mode

Modify On-Board Values

Registers

Internal Routing Tables

Memory Write/Loads

App/Subscriber Tables

Scheduling Algorithm

Science/Payload Data

Propulsion Subsystem

Attitude Determination & Control Subsystem

Electrical Power Subsystem

Command & Data Handling Subsystem

Watchdog Timer (WDT)

System Clock

Poison AI/ML Training Data

Side-Channel Attack

Spoofing

Time Spoof

Bus Traffic

Sensor Data

Exfiltration

Side-Channel Attack

Power Analysis Attacks

Electromagnetic Leakage Attacks

Traffic Analysis Attacks

Timing Attacks

Thermal Imaging attacks

Replay

Eavesdropping

Uplink Intercept

Downlink Intercept

Out-of-Band Communications Link

Proximity Operations

Modify Software Defined Radio

Compromised Ground Station

Compromised Developer Site

Compromised Partner Site

Persistence

Memory Compromise

Backdoor

Hardware

Software

Ground System Presence

Replace Cryptographic Keys

Defense Evasion

Disable Fault Management

Prevent Downlink

Inhibit Ground System Functionality

Jam Link Signal

Inhibit Spacecraft Functionality

Modify On-Board Values

Vehicle Command Counter (VCC)

Rejected Command Counter

Command Receiver On/Off Mode

Command Receivers Received Signal Strength

Command Receiver Lock Modes

Telemetry Downlink Modes

Cryptographic Modes

Received Commands

System Clock

GPS Ephemeris

Watchdog Timer (WDT)

Poison AI/ML Training Data

Masquerading

Exploit Reduced Protections During Safe-Mode

Modify Whitelist

Lateral Movement

Hosted Payload

Exploit Lack of Bus Segregation

Constellation Hopping via Crosslink

Visiting Vehicle Interface(s)

Impact

Deception (or Misdirection)

Disruption

Denial

Degradation

Destruction

Theft

Deception (or Misdirection)

Threat actors may seek to deceive mission stakeholders (or even military decision makers) for a multitude of reasons. Telemetry values could be modified, attacks could be designed to intentionally mimic another threat actor's TTPs, and even allied ground infrastructure could be compromised and used as the source of communications to the SV.

ID: CM0000

Sub-techniques: No sub-techniques

Related Aerospace Threat IDs: SV-IT-2 SV-AV-4 SV-MA-3 SV-SP-1 SV-SP-9 SV-AV-2 SV-AV-3 SV-AV-8 SV-IT-4 SV-MA-8 SV-AV-5 SV-AC-1 SV-AC-2 SV-IT-1 SV-AV-1 SV-MA-7 SV-CF-3 SV-SP-4

Related MITRE ATT&CK TTPs: No related MITRE ATT&CK TTPs

ⓘ

Tactic: Impact

Created: 2022/10/19

Last Modified: 2022/10/19

Countermeasures

ID		Name	Description	NIST Rev5	D3FEND	ISO 27001
CM0000		Countermeasure Not Identified	This technique is a result of utilizing TTPs to create an impact and the applicable countermeasures are associated with the TTPs leveraged to achieve the impact	None	None	None

Deception (or Misdirection)

Countermeasures

References