Threat actors may initially compromise a spacecraft in order to access the target Ground station. Once compromised, the threat actor can perform a multitude of initial access techniques, including replay, compromising FSW deployment, compromising encryption keys, and compromising authentication schemes. Threat actors may also perform further reconnaissance within the system to enumerate mission networks and gather information related to ground station logical topology, missions ran out of said ground station, and other mission system capabilities.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.