Command and Control

Command and Control consists of techniques that adversaries may use to communicate with systems under their control. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection .

ID: TA0011
Created: 25 August 2022
Last Modified: 14 April 2023

Techniques

Techniques: 3
ID Name Description
T2047 Protocol Tunnelling Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems. Tunneling involves explicitly encapsulating a protocol within another.This behavior may conceal malicious traffic by blending in with existing traffic and/or provide an outer layer of encryption
T2019 Telecommand a Spacescraft Command and Control consists of techniques that adversaries may use to communicate with systems under their control. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection .If the attacker has the system under its control, he can interact with it to command it
.004 Telecommand within a spacescraft From inside the spacecraft (after gaining access eg to a payload), an attacker can send telecommand to the on board computer.
.005 Replay attacks An attacker can intercept a message (e.g with jamming) stored it , and then replayed it.
.006 Telecommand capabilties An attacker can send command with a direct access after obtaining telecommand capabilities ( e.g by hijacking a ground station).
T2048 TT&C over ISL If the attacker has already managed to issue Telcommands to a spacecraft, then, if Inter Satellite Links (ISL) are used, he can attempt to issue Telecommands to other spacecrafts over the ISLs.