Theft

Threat actors may attempt to steal the data that is being gathered, processed, and sent from the victim spacecraft. Many spacecraft have a particular purpose associated with them and the data they gather is deemed mission critical. By attempting to steal this data, the mission, or purpose, of the spacecraft could be lost entirely.

ID: IMP-0006

Sub-techniques: No sub-techniques

ⓘ

Tactic: Impact

Created: 2022/10/19

Last Modified: 2022/12/08

Countermeasures

ID		Name	Description	NIST Rev5	D3FEND	ISO 27001
CM0000		Countermeasure Not Identified	This technique is a result of utilizing TTPs to create an impact and the applicable countermeasures are associated with the TTPs leveraged to achieve the impact	None		None

Related CWE Classes

Priority 1	Priority 2	Priority 3	Priority 4
CWE-1390: Weak Authentication	CWE-311: Missing Encryption of Sensitive Data	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	CWE-114: Process Control
CWE-1391: Improperly Implemented Security Check for Standard	CWE-345: Insufficient Verification of Data Authenticity	CWE-269: Improper Privilege Management	CWE-514: Covert Channel
CWE-20: Improper Input Validation	CWE-684: Incorrect Provision of Sensitive Information	CWE-657: Violation of Secure Design Principles	CWE-642: External Control of Critical State Data
CWE-287: Improper Authentication	CWE-923: Improper Restriction of Communication Channel to Intended Endpoints	CWE-666: Operation on Resource in Wrong Phase of Lifetime	CWE-653: Insufficient Separation of Duties
CWE-300: Channel Accessible by Non-Endpoint			CWE-668: Exposure of Resource to Wrong Sphere
CWE-326: Inadequate Encryption Strength			CWE-922: Insecure Storage of Sensitive Information
CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CWE-330: Use of Insufficiently Random Values
CWE-346: Origin Validation Error
CWE-506: Embedded Malicious Code
CWE-522: Insufficiently Protected Credentials
CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CWE-665: Improper Initialization
CWE-696: Incorrect Behavior Order
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Aerospace Threat ID

Related MITRE ATT&CK TTPs

No related MITRE ATT&CK TTPs

Related ESA SPACE-SHIELD TTPs

No related Spaceshield TTPs

Related MITRE EMB3D Threats

No related MITRE EMB3D Threats

Indicators of Behavior

ID	Name	Description	STIX Pattern

References

Epstein, Keith and Elgin, Ben. (2008). Tech - Network security breaches & NASA (V.G.Read). Retrieved on February 17, 2013, from http://spoonfeedin.blogspot.com.au/2008/11/tech-network-security-breachesnasa.Html
Thornburgh, Nathan. (2005). The Invasion of the Chinese Cyberspies. Retrieved on March 28, 2013, from http://www.time.com/time/magazine/article/0,9171,1098961,00.html
Martin, P. K.:NASA Cybersecurity: An Examination of the Agency’s Information Security In: Testimony before the Subcommittee on Investigations and Oversight, House Committee on Science, Space, and Technology February 2012 Url:https://oig.nasa.gov/docs/FINAL_written_statement_for_%20IT_%20hearing_February_26_edit_v2.pdf Retrieved 08/07/2019
Leyden, J.: Royal Navy hacker claims to have broken into space agency site Url: https://www.theregister.co.uk/2011/04/18/esa_website_hack/ Retrieved 08/07/2019
Storm, D.:Attackers hack European Space Agency, leak thousands of credentials 'for the lulz' Url: https://www.computerworld.com/article/3014539/attackers-hack-european-space-agency-leak-thousands-of-credentials-for-the-lulz.html December 2014 Retrieved 09/07/2019
Thomson, I.:Hackers mirror 250GB of NASA files on the web Url: https://www.theregister.co.uk/2016/02/01/250gb_nasa_data_hacked/ February 2016 Retrieved 09/07/2019
Williams, C: Houston, we've had a problem: NASA fears internal server hacked, staff personal info swiped by miscreants Url: https://www.theregister.co.uk/2018/12/18/nasa_server_hack/ December 2018 Retrieved 09/07/2019
spaceref.com: Potential Personally Identifiable Information (PII ) Compromise of NASA Servers Url: http://spaceref.com/news/viewsr.html?pid=52074 December 2018 Retrieved 09/07/2019
Cappaccio, Tony and Bliss, Jeff: China Suspected in Attacks on U.S. Satellities October 27 2011
Windsor, C., Malicious Actor Discloses FortiGate SSL-VPN Credentials, https://www.fortinet.com/blog/psirt-blogs/maliciousactor-discloses-fortigate-ssl-vpn-credentials, 2021, Retrieved October 27, 2022.
Abrams, L., Hackers leak passwords for 500,000 Fortinet VPN accounts, https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/ , 2021, Retrieved October 27, 2022.