The Lateral Movement tactic covers access to another system or sub-system connected to a compromised component, leveraging missing or misconfigured separation tools. The attack can propagate to that component, giving the attacker wider access.

| ID | Name | Description |
| --- | --- | --- |
| T2045 | Compromise a Payload after compromising the main satellite platform | An attacker can exploit vulnerabilities in the main satellite platform to gain access to its payload. This could involve modifying or taking control of the payload's hardware or software, either to disable it, manipulate its data, or use it for further exploitation. This compromise can happen if the main satellite's integrity is compromised and the attacker uses that foothold to access and manipulate payload operations or functionality. |
| T2017 | Compromise of another partition in Time and Space Partitioning OS or other types of satellite hypervisors | If a partition is compromised, access to a critical partition can be gained through ports allowed by the hypervisor. Information security is usually configured at the application level, with execution confined to the application's partition and controlled communication with the remaining partitions. Time and Space Partitioning or other satellite hypervisor types should protect the system from interference. All communication passes through the security components, which can include monitoring and cryptographic mechanisms. |
| T2046 | Compromise the satellite platform starting from a compromised payload | An attacker can begin by compromising the payload of a satellite, exploiting vulnerabilities in its software or hardware. From there, the attacker can escalate their access to the satellite's main platform, potentially gaining control over critical systems, communications, and payload operations. |
| .001 | Inter-Task Compromise | This attack path involves compromising a single task within an RTOS and leveraging inadequate memory isolation to influence or control other tasks. In a proof of concept, this was demonstrated through an attack that exploited the lack of access control in the vTaskPrioritySet system call, enabling a compromised task to manipulate the scheduling and execution of others. |
| .002 | Inter-Application Compromise | In hypervisor environments, compromising one guest application could lead to unauthorized interactions with other applications, exploiting weaknesses in spatial or temporal isolation. This was evidenced by proof of concept attacks exploiting the hypervisor’s scheduling policies. |
| T2016 | Lateral Movement via common Avionics Bus | This attack is performed against a part of the system via a physical bus shared with a compromised system. An unprotected bus can be used to extend an attack to uncompromised components. For example, if a payload has access to the main 1553 bus, a hosted payload attack is possible. Fault injection or Adversary-in-the-Middle (AiTM) attacks can be performed on the 1553 bus. |