Lateral Movement

The Lateral Movement tactic covers access to another system or sub-system connected to a compromised component, leveraging missing or misconfigured separation tools. The attack can then propagate to that system or sub-system, giving the attacker wider access.

ID: TA0008
Created: 25 August 2022
Last Modified: 14 April 2023

Techniques

Techniques: 4
| ID | Name | Description |
|---|---|---|
| T2045 | Compromise a Payload after compromising the main satellite platform | TBD |
| T2017 | Compromise of another partition in Time and Space Partitioning OS or other types of satellite hypervisors | If a partition is compromised, access to a critical partition can be gained through ports allowed by the hypervisor. Information security is usually configured at the application level, with execution confined to the application's partition and controlled communication with the remaining partitions. Time and Space Partitioning or other satellite hypervisor types should protect the system from interference. All communication passes through the security components, which can include monitoring and cryptographic mechanisms. |
| T2046 | Compromise the satellite platform starting from a compromised payload | TBD |
| T2016 | Lateral Movement via common Avionics Bus | This attack is performed against a part of the system via a physical bus shared with a compromised system. An unprotected bus can be used to extend an attack to uncompromised components. For example, if a payload has access to the main 1553 bus, a hosted payload attack is possible. Fault injection or Adversary-in-the-Middle (AiTM) can be performed on the 1553 bus. |