Threat actors may replay valid downlink commands to the spacecraft when it is passing over Threat actors-controlled ground station (or a compromised commercial station), forcing the satellite to transmit sensitive telemetry or payload data to an unauthorized location.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.