In the Execution phase, the adversary tries to execute their own commands (whether or not they are already available in the spacecraft as built-in capabilities) for malicious purposes, including, where possible, arbitrary malicious code. The intended purpose is to obtain further information (from the inside), elevate privileges, move laterally, establish persistence, or launch a direct attack (e.g. Denial of Service or other). All the techniques in the Execution tactic relate to adversary code running inside a machine. Code execution is usually a means to accomplish other goals, such as controlling the system or modifying its parameters. In a space system, an attacker can use access gained to the payload or to the telecommand (TC) system to interact with the spacecraft, attempting to modify the resource’s behavior.
ID | Name | Description |
T2010 | Modification of On Board Control Procedures | An On-Board Control Procedure (OBCP) is a software program designed to be executed by an OBCP engine, which can be loaded, executed, and also replaced on board the spacecraft. An attacker can attempt to modify OBCPs to execute their own commands and control the spacecraft, or to gain access to the interface of the On-Board Computer (OBC) and interact with it. In New Space missions, and in general in missions using CubeSats, Execution can include exploitation of MicroPython flaws or vulnerabilities, or the use of shell commands for various purposes (further reconnaissance, privilege escalation, launching attacks such as Denial of Service, taking full control of the spacecraft, etc.). |
T1106 | Native API | Operating systems such as RTEMS provide APIs for interacting with the system. An attacker can exploit these APIs, or abuse a vulnerability or misconfiguration, to maliciously execute code or commands. |
T2012 | Payload Exploitation to Execute Commands | If an attacker gains access to the payload, they can execute telecommands; in addition, they can propagate the attack by exploiting payload activities. |