Compromise Infrastructure: 3rd-Party Spacecraft

Threat actors may compromise a 3rd-party SV that has the capability to maneuver within close proximity to a target SV. This technique enables historically lower-tier attackers the same capability as top tier nation-state actors without the initial development cost. Additionally, this technique complicates attribution of an attack. Since many of the commercial and military assets in space are tracked, and that information is publicly available, attackers can identify the location of space assets to infer the best positioning for intersecting orbits. Proximity operations support avoidance of the larger attenuation that would otherwise affect the signal when propagating long distances, or environmental circumstances that may present interference.

ID: CM0009
Sub-technique of:  RD-0002
Related Aerospace Threat IDs:  SV-AC-1
Related MITRE ATT&CK TTPs:  T1584 | T1586
Created: 2022/10/19
Last Modified: 2022/10/28

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001
CM0009 Threat Intelligence Program A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities and mitigate risk. Leverage all-source intelligence services or commercial satellite imagery to identify and track adversary infrastructure development/acquisition. Countermeasures for this attack fall outside the scope of the mission in the majority of cases. PM-16 PM-16(1) PM-16(1) RA-10 RA-3(2) RA-3(3) SR-8 A.5.7 A.5.7 A.5.7

References