The Lateral Movement tactic covers access to another system or subsystem connected to a compromised component, leveraging missing or misconfigured separation tools. The attack can propagate to the connected system, giving the attacker wider access.
ID | Name | Description
T2045 | Compromise a Payload after compromising the main satellite platform | An attacker can exploit vulnerabilities in the main satellite platform to gain access to its payload. This could involve modifying or taking control of the payload's hardware or software, either to disable it, manipulate its data, or use it for further exploitation. This compromise can happen if the main satellite's integrity is compromised and the attacker uses that foothold to access and manipulate payload operations or functionality.
T2017 | Compromise of another partition in Time and Space Partitioning OS or other types of satellite hypervisors | If a partition is compromised, access to a critical partition can be gained through ports allowed by the hypervisor. Information security is usually configured at the application level, with execution confined to the application's partition and controlled communication with the remaining partitions. Time and Space Partitioning or other satellite hypervisor types should protect the system from interference. All communication passes through the security components, which can include monitoring and cryptographic mechanisms.
T2046 | Compromise the satellite platform starting from a compromised payload | An attacker can begin by compromising the payload of a satellite, exploiting vulnerabilities in its software or hardware. From there, the attacker can escalate their access to the satellite's main platform, potentially gaining control over critical systems, communications, and payload operations.
T2016 | Lateral Movement via common Avionics Bus | This attack is performed against a part of the system via a physical bus shared with a compromised system. An unprotected bus can be used to extend an attack to uncompromised components. For example, if a payload has access to the main 1553 bus, a hosted payload attack is possible. Fault injection or Adversary-in-the-Middle (AiTM) attacks can be performed on the 1553 bus.