Lateral Movement Tactic is related to the access of another system or sub-system connected to a compromised component, leveraging a lack or a misconfiguration of separation tools. The attack can propagate to that component, delivering a wider access to the attacker.
ID | Name | Description | |
T2045 | Compromise a Payload after compromising the main satellite platform | TBD | |
T2017 | Compromise of another partition in Time and Space Partitioning OS or other types of satellite hypervisors | If a partitition is compromised, access to a critical partition can be gained through ports allowed by hypervisor. Information security is usually configured at the application level, with the execution confined to the application’s partition and controlled communication with the remaining partitions. Time and Space Partitioning or other satellite hypervisor types should protect system from interferences. All communication passes through the security components, which can include monitoring and cryptographic mechanisms. | |
T2046 | Compromise the satellite platform starting from a compromised payload | TBD | |
T2016 | Lateral Movement via common Avionics Bus | This attack is performed against a part of the system via a physical bus shared with a compromised system. Unprotected bus can be used to extend an attack to uncompromised components. In example, if payload has access to main 1553 bus, a hosted payload attack is possible. Fault injection or Adversary-in-the-Middle (AiTM) can be done into the 1553 bus. |