Threat actors may leverage external-facing remote services to persist within the ground station management network. Adversaries may abuse legitimate access mechanisms such as Cloud Management Consoles, Bastion Hosts, or Reverse SSH Tunnels to maintain command and control channels. In a supply chain context, this may involve compromising the remote support channels used by the GSaaS provider for maintenance.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.