Threat actors seek to obtain the specific "Mission Profile" or configuration scripts (JSON/YAML) used to configure the Ground Station for a pass. This reveals the exact demodulation, decoding, and data delivery paths used by the victim.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.