Threat actors may passively sniff network traffic to capture information about an environment, including authentication material passed over the network. Threat actors may place a network interface into promiscuous mode to passively access data in transit over the network, or use span ports to capture a larger amount of data. In the context of GSaaS, it includes the interception of digitized RF streams (VITA 49) and monitoring of the IF (Intermediate Frequency) spectrum data if accessible via network interfaces.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.