Execution

In the Execution phase, the adversary tries to execute his own commands (whether or not they are already available in the spacecraft as built-in capabilities) for malicious purposes, including, if possible, arbitrary malicious code. The intended purpose is to obtain further information (from the inside), elevate privileges, move laterally, establish persistence, or launch a direct attack (e.g. Denial of Service or other). All the techniques in the Execution tactic relate to an adversary's code running inside a machine. Code execution is usually a means to accomplish other goals, such as controlling the system or modifying its parameters. In a space system, an attacker can use the access gained to the payload or to the telecommand (TC) system to interact with the spacecraft, attempting to modify the resource's behavior.

ID: TA0002
Created: 25 August 2022
Last Modified: 14 April 2023

Techniques

Techniques: 3
| ID | Name | Description |
|----|------|-------------|
| T2010 | Modification of On Board Control Procedures modification | An On-Board Control Procedure (OBCP) is a software program designed to be executed by an OBCP engine, which can be loaded, executed, and also replaced on board the spacecraft. An attacker can attempt to modify them to execute her own commands and control the spacecraft. The attacker can attempt to modify an OBCP to gain access to the interface of the On-Board Computer (OBC) and interact with it. In New Space missions, and in general missions using CubeSats, Execution can include exploitation of MicroPython flaws or vulnerabilities, or using shell commands for various purposes (further reconnaissance, privilege escalation, launching attacks like Denial of Service, taking full control of the spacecraft, etc.). |
| T1106 | Native API | Operating systems like RTEMS provide APIs to interact with. An attacker can exploit them or abuse a vulnerability/misconfiguration to maliciously execute code or commands. |
| T2012 | Payload Exploitation to Execute Commands | If an attacker gains access to the payload, he can execute telecommands; in addition, he can propagate the attack by exploiting payload activities. |