Threat actors may attempt to infect Infrastructure as Code (IaC) templates or Mission Profiles with malicious logic. These files (e.g., Terraform, CloudFormation, or JSON mission definitions) define the configuration of the ground station resources and data flows. By injecting malicious definitions into the engineering environment or CI/CD pipeline, adversaries ensure that newly provisioned resources or scheduled contacts automatically execute compromised logic upon instantiation.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.