Compromise Infrastructure: Mission-Operated Ground System

Other sub-techniques of Compromise Infrastructure (14)

ID	Name
ATAGS-T1016.001	3rd Party Ground System
ATAGS-T1016.002	3rd-Party Spacecraft
ATAGS-T1016.003	Botnet
ATAGS-T1016.004	Compromise Ground Segment
ATAGS-T1016.005	Compromise Satellite(s)
ATAGS-T1016.006	DNS Server
ATAGS-T1016.007	Domains
ATAGS-T1016.008	Malvertising
ATAGS-T1016.009	Mission-Operated Ground System
ATAGS-T1016.010	Network Devices
ATAGS-T1016.011	Server
ATAGS-T1016.012	Serverless
ATAGS-T1016.013	Virtual Private Server
ATAGS-T1016.014	Web Services

Threat actors may compromise mission owned/operated ground systems that can be used for future campaigns or to perpetuate other techniques. These ground systems have already been configured for communications to the victim ground station. By compromising this infrastructure, threat actors can stage, launch, and execute an operation. Threat actors may utilize these systems for various tasks, including Execution and Exfiltration.

ID: ATAGS-T1016.009

Sub-technique of: ATAGS-T1016

ⓘ

Tactic: Resource Development

ⓘ

Targeted Components: Hardware / Satellite Communication

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.