Threat actors may rely on other tactics and techniques to execute malicious code on the victim ground station. This can be done by compromising the supply chain or development environment in some capacity, or by taking advantage of known commands. Once malicious code has been uploaded to the victim ground station, the threat actor can trigger it to run via a specific command or wait for a legitimate user to trigger it accidentally. The code itself can do a number of different things to the hosted payload, subsystems, or underlying OS.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.