Compromise Infrastructure: Web Services

Other sub-techniques of Compromise Infrastructure (14)

ID	Name
ATAGS-T1016.001	3rd Party Ground System
ATAGS-T1016.002	3rd-Party Spacecraft
ATAGS-T1016.003	Botnet
ATAGS-T1016.004	Compromise Ground Segment
ATAGS-T1016.005	Compromise Satellite(s)
ATAGS-T1016.006	DNS Server
ATAGS-T1016.007	Domains
ATAGS-T1016.008	Malvertising
ATAGS-T1016.009	Mission-Operated Ground System
ATAGS-T1016.010	Network Devices
ATAGS-T1016.011	Server
ATAGS-T1016.012	Serverless
ATAGS-T1016.013	Virtual Private Server
ATAGS-T1016.014	Web Services

Threat actors may register for web services that can be used during targeting. A variety of popular websites exist for Threat actors to register for a web-based service that can be abused during later stages of the adversary lifecycle, such as during Command and Control (Web Service), Exfiltration Over Web Service, or Phishing. Using common services, such as those offered by Google, GitHub, or Twitter, makes it easier for Threat actors to hide in expected noise. By utilizing a web service, Threat actors can make it difficult to physically tie back operations to them.

ID: ATAGS-T1016.014

Sub-technique of: ATAGS-T1016

ⓘ

Tactic: Resource Development

ⓘ

Targeted Components: Hardware / Satellite Communication

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.