Develop/Obtain Capabilities: Software vulnerabilities

Other sub-techniques of Develop/Obtain Capabilities (9)

ID	Name
T2007.002	Code Signing Certificates
T2007.003	Digital Certificates
T2007.004	DSSS or Frequency hopping sequence
T2007.005	Malicious supply chain capabilities
T2007.006	Software vulnerabilities
T2007.008	Space Protocol Vulnerabilities
T2007.009	Tools for attacking space systems
T2007.010	TC/TM request forging
T2007.011	Cryptographic Keys

Exploiting unpatched/Outdated/Legacy COTS software deployed among the platform. COTS products are often highly complex, some of them involving tens of millions of lines of code, so that no one knows their content and behavior in detail. SDRs introduce protocol-independent software vulnerabilities into the communication system. ^[1]

ID: T2007.006

Sub-technique of: T2007

ⓘ

Tactic: Resource Development

ⓘ

Platforms: Ground Segment, Space Segment

Version: 2.0

Created: 25 August 2022

Last Modified: 21 April 2023

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

References

M. Manulis, C. P. Bridges, R. Harrison, V. Sekar, A. Davis. (2020, May). Cyber security in New Space. Retrieved September 29, 2022.