Threat actors may gather information about the GSaaS provider's network topology, API gateway versions, and cloud region availability. Unlike traditional ground stations, this information is often publicly available in provider documentation and can be mapped to specific customer implementations.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.