Threat actors may abuse the legitimate Cloud Control APIs provided by the GSaaS platform to execute commands (e.g., slewing antennas, scheduling passes, modifying modulation schemes). This requires valid credentials but leverages the inherent functionality of the service. The attacker calls a legitimate function exactly as the developer intended, but for a malicious purpose.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.