Develop/Obtain Capabilities: Code Signing Certificates

Other sub-techniques of Develop/Obtain Capabilities (9)

ID	Name
T2007.002	Code Signing Certificates
T2007.003	Digital Certificates
T2007.004	DSSS or Frequency hopping sequence
T2007.005	Malicious supply chain capabilities
T2007.006	Software vulnerabilities
T2007.008	Space Protocol Vulnerabilities
T2007.009	Tools for attacking space systems
T2007.010	TC/TM request forging
T2007.011	Cryptographic Keys

Adversaries may buy and/or steal code signing certificates that can be used during targeting. Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted. Code signing provides a level of authenticity for a program from the developer and a guarantee that the program has not been tampered with. Users and/or security tools may trust a signed piece of code more than an unsigned piece of code even if they don't know who issued the certificate or who the author is. ^[1]

Standard/references: ^[2]

ID: T2007.002

Sub-technique of: T2007

ⓘ

Tactic: Resource Development

ⓘ

Platforms: Space Segment

Version: 2.0

Created: 25 August 2022

Last Modified: 05 February 2025

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

References

The MITRE Corporation. (2015-2022). MITRE ATT&CK® Retrieved September 27, 2022.

CCSDS. (2019, July). RECOMMENDED STANDARD FOR AUTHENTICATION SECURITY CREDENTIALS, CCSDS 357.0-B-1. Retrieved September 29, 2022.