Acquire Infrastructure: Ground Station Equipment

Threat actors will likely need to acquire the following types of equipment to establish ground-to-space communications: Antenna positioners: which also usually come with satellite tracking antenna systems, in order to accurately send and receive signals along several different bands. This infrastructure is useful in pinpointing the location of a spacecraft in the sky. Ground antennas: in order to send commands and receive telemetry from the victim spacecraft. Threat actors can utilize these antennas in relation to other tactics such as execution and exfiltration. Instead of compromising a third-part ground station, threat actors may opt to configure and run their own antennas in support of operations. Ground data processors: in order to convert RF signals to TCP packets. This equipment is utilized in ground stations to convert the telemetry into human readable format. Ground radio modems: in order to convert TCP packs to RF signals. This equipment is utilized in ground stations to convert commands into RF signals in order to send them to orbiting spacecraft. Signal generator: in order to configure amplitude, frequency, and apply modulations to the signal. Additional examples of equipment include couplers, attenuators, power dividers, diplexers, low noise amplifiers, high power amplifiers, filters, mixers, spectrum analyzers, etc.

ID: CM0009
Sub-technique of:  RD-0001
Related Aerospace Threat IDs: 
Related MITRE ATT&CK TTPs:  T1583
Created: 2022/10/19
Last Modified: 2022/12/08

Countermeasures

ID Name Description NIST Rev5 D3FEND ISO 27001
CM0009 Threat Intelligence Program A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities and mitigate risk. Leverage all-source intelligence services or commercial satellite imagery to identify and track adversary infrastructure development/acquisition. Countermeasures for this attack fall outside the scope of the mission in the majority of cases. PM-16 PM-16(1) PM-16(1) RA-10 RA-3(2) RA-3(3) SR-8 A.5.7 A.5.7 A.5.7

References