• Matrices
  • Tactics
  • Techniques
  • Mitigations
  • Contribute
This is an European Space Agency Space instance of the MITRE ATT&CK Website.
TECHNIQUES
Space
Reconnaissance
Active Scanning (RF/Optical)
Telecommand Protocol Scanning
Telemetry Protocol Scanning
Mission specific channel scanning
Remote Vulnerability Scanning
Gather Victim Mission Information
Search Closed Sources
Spear Phishing attacks
Open Source Intelligence (OSINT)
Gather Victim Org Information
Search Closed Sources
Open Source Intelligence (OSINT)
Spear Phishing attacks
In orbit proximity intelligence
Optical (visual) reconnaissance
Electromagnetic reconnaissance
Telemetry Protocol Interception
Telecommand Protocol Interception
Mission specific Channel Interception
Traffic Analysis
Passive Interception (RF/Optical)
Telecommand Protocol Interception
Telemetry Protocol Interception
Mission specific Channel Interception
Traffic Analysis
Phishing for Information
Spear Phishing to Ground Segment Operators
Spear Phishing to Industry/Space Agencies
Resource Development
Acquire or Build Infrastructure
Acquire Ground-station/ Ground segment
Acquire jamming equipment
Acquire Satellite
Rent ground segment as a service
Compromise Account
Brute forcing
Compromise Infrastructure
Compromise Ground Segment
Compromise Satellite(s)
Develop/Obtain Capabilities
Code Signing Certificates
Digital Certificates
DSSS or Frequency hopping sequence
Malicious supply chain capabilities
Software vulnerabilities
Space Protocol Vulnerabilities
Tools for attacking space systems
TC/TM request forging
Cryptographic Keys
Initial Access
Direct Attack to Space Communication Links
Exploitation of clear mode (also known as safe mode)
Record and replay TC/TM or mission specific packets
Ground Segment Compromise
Logical compromise
Physical compromise
Supply Chain Compromise
Compromise Software Dependencies and Development Tools
Compromise Software Supply Chain
Compromise Hardware Supply Chain
Trusted Relationship
External Entities interconnected to main mission
Federated missions
Interconnected spacecrafts
Valid Credentials
Steal cryptographic keys
Forge Digital Certificates
Brute force attack against TC channel or mission channel
Execution
Modification of On Board Control Procedures modification
Native API
Payload Exploitation to Execute Commands
Persistence
Backdoor Installation
Hardcoded credentials and/or keys
Integration of custom malicious hardware
OBSW modification
Transponder reconfiguration
Payload modification
Key Management Infrastructure Manipulation
Replace / generate new Session Keys
Replace / generate new Master Keys
Pre-OS Boot
System Firmware Exploitation
Valid Credentials
Steal cryptographic keys
Forge Digital Certificates
Brute force attack against TC channel or mission channel
Privilege Escalation
Become Avionics Bus Master
Escape to Host
Exploitation of vulnerabilities
Defense Evasion
Impair Defenses
Triggering the clear mode
Indicator Removal on Host
Clear Log/Command History
Masquerading
Pre-Os Boot
System Firmware Exploitation
Credential Access
Adversary in the Middle
Lower Orbit Satellites, or Drones
Brute Force
TC Brute Forcing
Communication Link Sniffing
RF sniffing
Retrieve TT&C master/session keys
Compromise of Key Management Facility
Cryptographic Key Corruption
Interception of Key Management Communication
Discovery
Key Management Policy Discovery
Spacecraft's Components Discovery
System Service Discovery
Trust Relationships Discovery
Lateral Movement
Compromise a Payload after compromising the main satellite platform
Compromise of another partition in Time and Space Partitioning OS or other types of satellite hypervisors
Compromise the satellite platform starting from a compromised payload
Inter-Task Compromise
Inter-Application Compromise
Lateral Movement via common Avionics Bus
Collection
Adversary in the Middle
Unauthenticated gateway or unauthenticated interplanetary node
Satellite constellation
Data from link eavesdropping
Payload eavesdropping
Range Data eavesdropping
TC/TM eavesdropping
Command and Control
Protocol Tunnelling
Telecommand a Spacecraft
Telecommand within a spacecraft
Replay attacks
Telecommand capabilties
TT&C over ISL
Exfiltration
Exfiltration Over Payload Channel
Exfiltration Over TM Channel
Optical link modification
RF modification
Side-channel exfiltration
Impact
Data Manipulation
Stored Data Manipulation
Transmitted Data Manipulation
Runtime Data Manipulation
Ground Segment Jamming
Jamming from the ground
Loss of spacecraft telecommanding
Replacement of authentication keys
Permanent loss to telecommand satellite
Replace session and master keys
Resource damage
Space Debris Impact
Physical sabotage
Intentional collision with other satellites
Destruction of sensors
Destruction of receivers
Breakdown of counterfeit components
Kinetic attacks
Resource Hijacking
Saturation of Inter Satellite Links
Coremelt attacks
Saturation/Exhaustion of Spacecraft Resources
Receiver flooding
Avionics Bus Flooding
OBC overloading
Drain satellite's power
Waste of propellant
RTOS Scheduler Compromise
Hypervisor Scheduling Compromise
Service Stop
Ground system loss
Disabling Payload Service
Spacecraft Jamming
Receiver lock on a spurious carrier
Optical Jamming (Links/Sensor Blinding)
SDR buffer overflow
Temporary loss to telecommand satellite
Replace session keys
Transmitted Data Manipulation
  1. Home
  2. Techniques
  3. Space
  4. Passive Interception (RF/Optical)
  5. Telemetry Protocol Interception

Passive Interception (RF/Optical): Telemetry Protocol Interception

Other sub-techniques of Passive Interception (RF/Optical) (4)
ID Name
T2004.001 Telecommand Protocol Interception
T2004.002 Telemetry Protocol Interception
T2004.003 Mission specific Channel Interception
T2004.005 Traffic Analysis

An attacker tries to gain knowledge about the Telemetry implementation, including the authentication and encryption status. [1]

Standard/references: [2] [3] [4] [5]

ID: T2004.002
Sub-technique of:  T2004
ⓘ
Tactic: Reconnaissance
ⓘ
Platforms: Space-link communication
Version: 2.0
Created: 25 August 2022
Last Modified: 21 April 2023

Mitigations

ID Mitigation Description
M2003 Encryption of communications

References

  1. CCSDS. (2022, February). REPORT CONCERNING SECURITY THREATS AGAINST SPACE MISSIONS, CCSDS 350.1-G-3. Retrieved September 29, 2022.
  2. CCSDS. (2021, October). RECOMMENDATIONS FOR RADIO FREQUENCY AND MODULATION SYSTEMS, Earth Stations and Spacecraft, CCSDS 401.0-B-32. Retrieved September 29, 2022.
  3. CCSDS. (2022, April). RECOMMENDED STANDARD FOR TM SYNCHRONIZATION AND CHANNEL CODING, CCSDS 131.0-B-4. Retrieved September 29, 2022.
  1. CCSDS. (2021, October). RECOMMENDED STANDARD FOR TM SPACE DATA LINK PROTOCOL, CCSDS 132.0-B-3. Retrieved September 29, 2022.
  2. Lily Hay Newman. (2020, August). Hackers Are Building an Army of Cheap Satellite Trackers. Retrieved September 29, 2022.
×

2023, European Space Agency.

attack.mitre.org