{"id":3182,"date":"2025-07-16T20:17:49","date_gmt":"2025-07-16T18:17:49","guid":{"rendered":"https:\/\/www.spacesecurity.info\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/"},"modified":"2025-07-16T20:54:47","modified_gmt":"2025-07-16T18:54:47","slug":"an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1","status":"publish","type":"post","link":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/","title":{"rendered":"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1)"},"content":{"rendered":"<h2>Disclaimer<\/h2>\n<p>Please be informed that the analysis detailed in this article is entirely separate from the hacking experiment conducted by the Thales team on the satellite.<\/p>\n<p>Both activities are independent of each other and were carried out by different teams. There is no association between me and the team that conducted the hacking experiment.<\/p>\n<p>This work is conducted on a personal basis and is independent of my work at Thales. Thales is in no way involved in this work, and Thales\u2019s responsibilities cannot be engaged under any circumstances.<\/p>\n<p>All slides embedded in this article are public slides presented by Thales during the CYSAT 2023 conference and available in the Youtube video which presents the Thales experiment.<\/p>\n<h2>Purpose of the article<\/h2>\n<p>This article is part of a series of articles on the analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot.<\/p>\n<p>Recently, I discovered the METEORSTORM\u2122 framework built by EthicallyHackingspace (eHs)\u00ae. I was lucky to be offered a preview of how to use this new framework by participating in and successfully completing a challenge exam which is still in beta version. The success of this exam allowed me to obtain the certification: Full Spectrum Space Cybersecurity Professional (SCOR Practitioner).<\/p>\n<p>As I now know how to use the METEORSTORM\u2122 framework correctly, I propose to show, in this series of articles, how I used the METEORSTORM\u2122 and its AI Copilot to:<\/p>\n<ul>\n<li>break down the experiment of Thales satellite hacking demo at CYSAT 2023,<\/li>\n<li>design the Threat Model with known and theoretical attack paths,<\/li>\n<li>record resilience and possible counter measures,<\/li>\n<li>identify detection measures,<\/li>\n<li>model Indicators of Compromise (IoC) and Recovery Resilience for the Incident Response Preparation phase.<\/li>\n<\/ul>\n<p>Brandon Bailey\u00a0and\u00a0Brad Roeher\u00a0from the SPARTA team already did an analysis of the Thales satellite hacking demo (<a href=\"https:\/\/www.spacesecurity.info\/an-analysis-of-the-thales-satellite-hacking-demo-cysat-2023-by-sparta-team\/\">summarized in this article<\/a>, full article\u00a0<a href=\"https:\/\/medium.com\/the-aerospace-corporation\/hacking-an-on-orbit-satellite-an-analysis-of-the-cysat-2023-demo-ae241e5b8ee5\">here<\/a>) but with the\u00a0<a href=\"https:\/\/www.spacesecurity.info\/aerospace-corporation-released-sparta-v1-3-a-new-version-of-the-space-attack-research-and-tactic-analysis-sparta-matrix\/\">SPARTA framework<\/a>.<\/p>\n<p>On my side, I have also already conducted an analysis of the Thales satellite hacking demonstration (full article <a href=\"https:\/\/www.spacesecurity.info\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-mitre-emb3d-threat-model\/\">here<\/a>) but using the MITRE EMB3D\u2122 framework.<\/p>\n<p>The goal with this series of articles is to go further by using METEORSTORM\u2122, \u00a0a modeling and analytic framework purpose-built to assess and enhance resilience across converged space systems.<\/p>\n<h2>Hacking demo at CYSAT 2023: what was the point again<\/h2>\n<p>To know more about the Thales hacking demo at CYSAT 2023, I encourage you to visit the following pages <a href=\"https:\/\/www.spacesecurity.info\/thales-demo-at-cysat-what-was-the-point-again\/\">here<\/a>, <a href=\"https:\/\/www.spacesecurity.info\/hacking-demo-at-cysat-2023-world-first-or-deja-vu%e2%9d%93-here-is-what-i-know-%f0%9f%91%87\/\">here<\/a> and <a href=\"https:\/\/www.spacesecurity.info\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-mitre-emb3d-threat-model\/\">here<\/a> where the results of the ethical satellite hacking exercise is detailed.<\/p>\n<h2>What is OPS-SAT<\/h2>\n<p>To know more about the Thales hacking demo at CYSAT 2023, I encourage you to visit the following page <a href=\"https:\/\/www.spacesecurity.info\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-mitre-emb3d-threat-model\/\">here<\/a> where OPS-SAT, a small, CubeSat-class satellite developed by the European Space Agency (ESA) to serve as a testbed for innovative software, systems, and operational concepts in space, is detailed.<\/p>\n<h2>What is METEORSTORM\u2122<\/h2>\n<p>METEORSTORM\u2122 stands for Multiple Environment Threat Evaluation of Resources, Space Threats, and Operational Risks to Missions.<\/p>\n<p>METEORSTORM\u2122 is a modeling and analytic framework purpose-built to assess and enhance resilience across converged space systems. Its core strengths include:<\/p>\n<ul>\n<li>Layered decomposition across physical environments, system segments, services, and assets.<\/li>\n<li>Analytic enrichment drawing from leading frameworks (e.g., MITRE ATT&amp;CK\u2122, D3FEND\u2122, CAPEC\u2122, ATLAS\u2122, FIGHT\u2122, EMB3D\u2122, ESA Space Shield, Aerospace SPARTA, NIST SP 800-160 Vol. 1 &amp; Vol. 2, and NIST SP 800-53).<\/li>\n<li>Support for hybrid architectures, including terrestrial, aquatic, aerial, orbital, and deep space domains.<\/li>\n<\/ul>\n<p>The METEORSTORM\u2122 framework is accompanied by a AI-Copilot platform. The AI Co-Pilot is an evolving assistant that guides real-time analysis and decomposition workflows.<\/p>\n<p>The METEORSTORM\u2122 framework is executed through six strict functions, each dependent on the prior, forming a traceable and enforced modeling sequence:<\/p>\n<ul>\n<li><strong>Function One &#8211; Concept of Operations (CONOPS)<\/strong> : Models the nominal state of a space platform by enforcing layered decomposition: PCE (Primary Capability Environment), SEG (Segment), SVC (Service), AST (Asset), AN (Analytic Enrichment)<\/li>\n<li><strong>Function Two &#8211; Threat Model<\/strong> : Models known\/theoretical attack paths (AN: ATT) and resilience measures (AN: RES).<\/li>\n<li><strong>Function Three &#8211; Detection Engineering<\/strong> : Transforms threats into detection logic using AN: DET and AN: IOA.<\/li>\n<li><strong>Function Four &#8211; Incident Response Preparation<\/strong> : Models Indicators of Compromise (AN: IOC) and Recovery Resilience (AN: RES)<\/li>\n<li><strong>Function Five &#8211; Adversary Management<\/strong> : Overlays real or theoretical adversaries to defined behaviors.<\/li>\n<li><strong>Function Six &#8211; Commercial Hybrid Warfare Attribution<\/strong> : Final function. Attributes actions to dual-use or commercial actors.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/06\/METEORSTORM-Cheat-Sheet.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-3146\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/06\/METEORSTORM-Cheat-Sheet-1024x656.jpg\" alt=\"\" width=\"696\" height=\"446\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/06\/METEORSTORM-Cheat-Sheet-1024x656.jpg 1024w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/06\/METEORSTORM-Cheat-Sheet-300x192.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/06\/METEORSTORM-Cheat-Sheet-768x492.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/06\/METEORSTORM-Cheat-Sheet-696x446.jpg 696w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/06\/METEORSTORM-Cheat-Sheet-1068x684.jpg 1068w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/06\/METEORSTORM-Cheat-Sheet.jpg 1409w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><\/a><\/p>\n<p>EthicallyHackingspace (eHs)\u00ae is working on launching a certification portal in a few months.\u00a0In the upcoming weeks a few other community professionals will be invited to participate in the exam challenge process until it is finalized in August.<\/p>\n<p>To know more about the METEORSTORM\u2122 framework, check our article <a href=\"https:\/\/www.spacesecurity.info\/exploring-the-power-of-the-meteorstorm-framework-a-framework-built-for-full-spectrum-modeling-of-current-emerging-and-theoretical-converged-space-cyber-systems\/\">here<\/a>.<\/p>\n<h2>Analysis of OPS-SAT with Function One &#8211; Concept of Operations (CONOPS)<\/h2>\n<p>At this stage, we will model the OPS-SAT platform by decomposing it into its environment, segments, services, and assets to establish a traceable baseline before introducing threats.<\/p>\n<p>Technical Features of OPS-SAT overview<\/p>\n<ul>\n<li>ARM-based onboard computer with 10\u00d7 the power of standard ESA satellite computers.<\/li>\n<li>Reconfigurable software platform, allowing remote code uploads and flexible updates.<\/li>\n<li>Includes:\n<ul>\n<li>Camera with high-resolution imagery.<\/li>\n<li>GPS receiver.<\/li>\n<li>S-band and UHF radios.<\/li>\n<li>AI processing onboard, and support for satellite cybersecurity research<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Full decomposition of OPS-SAT is described in the following article<\/p>\n<ul>\n<li>OPS-SAT wikipedia page : <a href=\"https:\/\/en.wikipedia.org\/wiki\/OPS-SAT\">https:\/\/en.wikipedia.org\/wiki\/OPS-SAT<\/a><\/li>\n<li>ESA website : <a href=\"https:\/\/www.esa.int\/Enabling_Support\/Operations\/OPS-SAT\">https:\/\/www.esa.int\/Enabling_Support\/Operations\/OPS-SAT<\/a><\/li>\n<\/ul>\n<p>Below is the full METEORSTORM\u2122 decomposition for OPS-SAT based on Function One: Concept of Operations (CONOPS) \u2014 fully compliant with the strict taxonomy, sequencing, and validation rules defined in the framework.<\/p>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Layer<\/strong><\/td>\n<td style=\"width: 86.3506%; text-align: center;\"><strong>Entry<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>PCE<\/strong><\/td>\n<td style=\"width: 86.3506%;\">\n<ul>\n<li>PCE: OR: Orbital: 00: LEO: Low Earth Orbit operational environment for technology demonstration (mission duration: launched 18\u202fDec\u202f2019, deorbited 22\u202fMay\u202f2024)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>SEG<\/strong><\/td>\n<td style=\"width: 86.3506%;\">\n<ul>\n<li>SEG: SP: Space: 00: Experimental Orbital Segment (3U CubeSat nanosatellite platforms)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>SVC<\/strong><\/td>\n<td style=\"width: 86.3506%;\">\n<ul>\n<li>SVC: CO: Control Plane: 00: Autonomous Control &amp; Experimentation Service: Provides onboard command execution, software testing, and reconfigurable mission logic<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>AST<\/strong><\/td>\n<td style=\"width: 86.3506%;\">\n<ul>\n<li>AST: FI: Firmware: 00: Reprogrammable Control Logic: Field-updatable firmware enabling dynamic upload of command and experiment control modules<\/li>\n<li>AST: HA: Hardware: 00: ARM-Based Onboard Computer: High-performance processor allowing AI\/ML software tests and high-fidelity data processing<\/li>\n<li>AST: HA: Hardware: 01 ADCS &amp; Camera Payloads: Includes fine ADCS, imager for experiments and astrometry<\/li>\n<li>AST: HA: Hardware: 02: GPS Receiver: Provides navigation and timing functionality<\/li>\n<li>AST: HA: Hardware: 03: SDR &amp; Optical Receiver: Software-defined radio, optical downlink receiver for communications<\/li>\n<li>AST: CI: Communications: 00: S-band CCSDS Uplink\/Downlink: Syrlinks EWC31 transceiver used for primary telemetry and command<\/li>\n<li>AST: CI: Communications: 01: X-band Payload (via CNES): Experimental high-speed downlink<\/li>\n<li>AST: CI: Communications: 02: UHF Backup Link: Redundant link for telemetry &amp; commands<\/li>\n<li>AST: SO: Software: 00: Remote Experiment Execution Stack: Software interface for executing uploaded experiments from ESA or external contributors<\/li>\n<li>AST: SI: Signal: 00: S-Band Uplink Receiver: Signal channel used for command uplink and experimental software transfer<\/li>\n<li>AST: DA: Data: 00: Onboard Experiment &amp; Telemetry Logs: Operational data and telemetry captured from experimental runs for downlink and analysis<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Analysis of Thales hacking demo with Function Two &#8211; Threat Model (using attack paths AN: ATT only)<\/h2>\n<p>At this stage, in this article, for the moment, we will deconstruct the Thales experiment with METEORSTORM\u2122 Function Two &#8211; Threat Model but only with attack paths using AN: ATT elements.<\/p>\n<p>In the next article, we will compete the METEORSTORM\u2122 Function Two &#8211; Threat Model with resilience measures using AN: RES elements.<\/p>\n<p>In the other articles of this series, we will complete this article and build a full threat model by adding all the other functions of the METEORSTORM\u2122 framework :<\/p>\n<ul>\n<li><strong>Function Two &#8211; Threat Model<\/strong> : with resilience measures using AN: RES elements<\/li>\n<li><strong>Function Three &#8211; Detection Engineering<\/strong> : Transforms threats into detection logic using AN: DET and AN: IOA.<\/li>\n<li><strong>Function Four &#8211; Incident Response Preparation<\/strong> : Models Indicators of Compromise (AN: IOC) and Recovery Resilience (AN: RES)<\/li>\n<li><strong>Function Five &#8211; Adversary Management<\/strong> : Overlays real or theoretical adversaries to defined behaviors.<\/li>\n<li><strong>Function Six &#8211; Commercial Hybrid Warfare Attribution<\/strong> : Final function. Attributes actions to dual-use or commercial actors.<\/li>\n<\/ul>\n<p>The figure below is showing a summary of the full attack flow used by the Thales team to conduct the attack on OPS-SAT.<\/p>\n<figure id=\"attachment_3113\" aria-describedby=\"caption-attachment-3113\" style=\"width: 940px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Summary-of-the-full-attack-flow.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3113 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Summary-of-the-full-attack-flow.jpg\" alt=\"\" width=\"940\" height=\"538\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Summary-of-the-full-attack-flow.jpg 940w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Summary-of-the-full-attack-flow-300x172.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Summary-of-the-full-attack-flow-768x440.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Summary-of-the-full-attack-flow-696x398.jpg 696w\" sizes=\"auto, (max-width: 940px) 100vw, 940px\" \/><\/a><figcaption id=\"caption-attachment-3113\" class=\"wp-caption-text\">Figure 4: Summary of the full attack flow (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<p>Since the Thales OPS-SAT attack is multi-stage, we can model each phase as its own discrete AN: ATT element. This approach aligns with the METEORSTORM\u2122 enforcement model and supports full traceability for detection and resilience mapping.<\/p>\n<p>Here is the full, six-stage multi-vector attack path (AN: ATT: 00\u201305) for the OPS-SAT satellite hacking scenario. Each stage includes:<\/p>\n<ul>\n<li>Detailed descriptions<\/li>\n<li>Full SPARTA and EMB3D mappings<\/li>\n<li>Targeted METEORSTORM\u2122 asset layer tags<\/li>\n<\/ul>\n<p><strong>Step 1: Unsafe Java deserialization (<\/strong><strong>AN: ATT: 00 \u2013 Initial Access via Unsafe Java Deserialization)<br \/>\n<\/strong><\/p>\n<p>To introduce the compromised or flawed software onto the spacecraft, the team needed to bypass security checks and evaluations. To achieve their objective, they introduced a deserialization vulnerability into the software, enabling defensive mechanism evasion and potential exploitation for executing arbitrary commands.<\/p>\n<figure id=\"attachment_3094\" aria-describedby=\"caption-attachment-3094\" style=\"width: 926px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Deserialization.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3094 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Deserialization.jpg\" alt=\"\" width=\"926\" height=\"524\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Deserialization.jpg 926w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Deserialization-300x170.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Deserialization-768x435.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Deserialization-696x394.jpg 696w\" sizes=\"auto, (max-width: 926px) 100vw, 926px\" \/><\/a><figcaption id=\"caption-attachment-3094\" class=\"wp-caption-text\">Figure 5: The Deserialization Vulnerability (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<h6 style=\"text-align: left;\">With the METEORSTORM\u2122 framework, this translates to:<\/h6>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Layer<\/strong><\/td>\n<td style=\"width: 86.3506%; text-align: center;\"><strong>Entry<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>AN<\/strong><\/td>\n<td style=\"width: 86.3506%;\">AN: ATT: Attack Path: 00: Initial Access via Unsafe Java Deserialization<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Description<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Description: Attacker uploads a payload containing crafted serialized objects exploiting ESA&#8217;s experiment execution logic.<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Source<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Source: Mapped from<\/p>\n<ul>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/EX-0009\/\">SPARTA.EX-0009<\/a>: Exploit Code Flaws<\/li>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/EX-0009\/01\/\">SPARTA.EX-0009.01<\/a>: Exploit Code Flaws: Flight Software<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-326.html\">EMB3D.TID-326<\/a>: Insecure Deserialization<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Target<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Target: AST: SO: Software: 00: ESA App Manager (NMF SDK)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_3098\" aria-describedby=\"caption-attachment-3098\" style=\"width: 926px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Stay-Undetected-Success.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3098 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Stay-Undetected-Success.jpg\" alt=\"\" width=\"926\" height=\"526\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Stay-Undetected-Success.jpg 926w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Stay-Undetected-Success-300x170.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Stay-Undetected-Success-768x436.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Stay-Undetected-Success-696x395.jpg 696w\" sizes=\"auto, (max-width: 926px) 100vw, 926px\" \/><\/a><figcaption id=\"caption-attachment-3098\" class=\"wp-caption-text\">Figure 6: Stay Undetected &#8211; Success! (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<p><strong>Step 2: Applications Binaries Modified (AN: ATT: 01 \u2013 Application Binary Modification)<br \/>\n<\/strong><\/p>\n<p>Once the insecure deserialization achieved, the team uploaded a malicious code with the deserialization vulnerability to modify the application-level binaries on the remote device to introduce unauthorized code and to execute arbitrary commands on the remote system.<\/p>\n<figure id=\"attachment_3096\" aria-describedby=\"caption-attachment-3096\" style=\"width: 932px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Applications-Binaries-Modified.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3096 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Applications-Binaries-Modified.jpg\" alt=\"\" width=\"932\" height=\"526\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Applications-Binaries-Modified.jpg 932w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Applications-Binaries-Modified-300x169.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Applications-Binaries-Modified-768x433.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Applications-Binaries-Modified-696x393.jpg 696w\" sizes=\"auto, (max-width: 932px) 100vw, 932px\" \/><\/a><figcaption id=\"caption-attachment-3096\" class=\"wp-caption-text\">Figure 7: Stay Undetected &#8211; Execute Arbitrary Commands (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<h6 style=\"text-align: left;\">With the METEORSTORM\u2122 framework, this translates to<\/h6>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Layer<\/strong><\/td>\n<td style=\"width: 86.3506%; text-align: center;\"><strong>Entry<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>AN<\/strong><\/td>\n<td style=\"width: 86.3506%;\">AN: ATT: Attack Path: 01: Post-Upload Binary Modification of Payload<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Description<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Description: Modified the payload in-memory after upload, bypassing ESA signature enforcement to insert shell code.<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Source<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Source: Mapped from<\/p>\n<ul>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/IA-0001\/02\/\">SPARTA IA-0001.02<\/a>: Compromise Supply Chain: Software Supply Chain<\/li>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/IA-0006\/\">SPARTA IA-0006<\/a>: Compromise Hosted Payload<\/li>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/RD-0003\/01\/\">SPARTA RD-0003.01<\/a>: Exploit\/Payload<\/li>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/RD-0004\/02\/\">SPARTA RD-0004.02<\/a>: Upload Exploit\/Payload<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-301.html\">EMB3D.TID-301<\/a>: Applications Binaries Modified<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-302.html\">EMB3D.TID-302<\/a>: Install Untrusted Application<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-307.html\">EMB3D.TID-307<\/a>: Device Code Representations Inconsistent<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-308.html\">EMB3D.TID-308<\/a>: Code Overwritten to Avoid Detection<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-309.html\">EMB3D.TID-309<\/a>: Device Exploits Engineering Workstation<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Target<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Target: AST: FI: Firmware: 00: NMF Runtime Execution Kernel<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Step 3: Privilege escalation via the CAN bus (AN: ATT: 02 \u2013 Privilege Escalation via CAN Bus)<br \/>\n<\/strong><\/p>\n<p>At this stage, their app runs as an unprivileged Linux user and has no direct access to sensors but though the supervisor. Their objective is now to find system configuration issues or vulnerabilities to realize a privilege escalation from user to root.<\/p>\n<p>They identified that anyone can talk on the CAN bus, including unprivileged apps. And then, all commands send on the CAN bus are executing as root by a client that runs as root and that decodes and executes as root whatever command it receives.<\/p>\n<figure id=\"attachment_3100\" aria-describedby=\"caption-attachment-3100\" style=\"width: 940px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Privilege-Escalation.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3100 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Privilege-Escalation.jpg\" alt=\"\" width=\"940\" height=\"532\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Privilege-Escalation.jpg 940w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Privilege-Escalation-300x170.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Privilege-Escalation-768x435.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Privilege-Escalation-696x394.jpg 696w\" sizes=\"auto, (max-width: 940px) 100vw, 940px\" \/><\/a><figcaption id=\"caption-attachment-3100\" class=\"wp-caption-text\">Figure 8: Taking Control &#8211; Privilege Escalation from User to Root (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<h6 style=\"text-align: left;\">With the METEORSTORM\u2122 framework, this translates to<\/h6>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Layer<\/strong><\/td>\n<td style=\"width: 86.3506%; text-align: center;\"><strong>Entry<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>AN<\/strong><\/td>\n<td style=\"width: 86.3506%;\">AN: ATT: Attack Path: 02: Privilege Escalation via CAN Bus Interface<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Description<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Description: Experiment abuses unsecured access to CAN bus to issue root-level commands bypassing sandbox.<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Source<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Source: Mapped from<\/p>\n<ul>\n<li><a href=\"https:\/\/attack.mitre.org\/techniques\/T1548\/\">MITRE ATT&amp;CK T1548<\/a>: Abuse Elevation Control Mechanism<\/li>\n<li><a style=\"font-family: inherit; font-size: inherit;\" href=\"https:\/\/sparta.aerospace.org\/technique\/EX-0009\/02\/\">SPARTA EX-0009.02<\/a><span style=\"font-family: inherit; font-size: inherit;\">: Exploit Code Flaws: Operating System<\/span><\/li>\n<li><a style=\"font-family: inherit; font-size: inherit;\" href=\"https:\/\/sparta.aerospace.org\/technique\/LM-0002\/\">SPARTA LM-0002<\/a><span style=\"font-family: inherit; font-size: inherit;\">: Exploit Lack of Bus Segregation<\/span><\/li>\n<li><a style=\"font-family: inherit; font-size: inherit;\" href=\"https:\/\/emb3d.mitre.org\/threats\/TID-114.html\">EMB3D.TID-114<\/a><span style=\"font-family: inherit; font-size: inherit;\">: Peripheral Data Bus Interception<\/span><\/li>\n<li><a style=\"font-family: inherit; font-size: inherit;\" href=\"https:\/\/emb3d.mitre.org\/threats\/TID-412.html\">EMB3D.TID-412<\/a><span style=\"font-family: inherit; font-size: inherit;\">: Network Routing Capability Abuse<\/span><\/li>\n<li><a style=\"font-family: inherit; font-size: inherit;\" href=\"https:\/\/emb3d.mitre.org\/threats\/TID-204.html\">EMB3D.TID-204<\/a><span style=\"font-family: inherit; font-size: inherit;\">: Untrusted Programs Can Access Privileged OS Functions<\/span><\/li>\n<li><a style=\"font-family: inherit; font-size: inherit;\" href=\"https:\/\/emb3d.mitre.org\/threats\/TID-219.html\">EMB3D.TID-219<\/a><span style=\"font-family: inherit; font-size: inherit;\">: OS\/Kernel Privilege Escalation<\/span><\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Target<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Target: AST: HA: Hardware: 00: ARM-Based Onboard Computer<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_3102\" aria-describedby=\"caption-attachment-3102\" style=\"width: 942px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Arbitrary-Code-Execution.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3102 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Arbitrary-Code-Execution.jpg\" alt=\"\" width=\"942\" height=\"540\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Arbitrary-Code-Execution.jpg 942w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Arbitrary-Code-Execution-300x172.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Arbitrary-Code-Execution-768x440.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Arbitrary-Code-Execution-696x399.jpg 696w\" sizes=\"auto, (max-width: 942px) 100vw, 942px\" \/><\/a><figcaption id=\"caption-attachment-3102\" class=\"wp-caption-text\">Figure 9: Taking Control &#8211; Arbitrary Code Execution as Root (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<p><strong>Step 4: Persistence (AN: ATT: 03 \u2013 Persistence via Java Reverse Shell)<br \/>\n<\/strong><\/p>\n<p>At this stage, the app escalated as root. Now, the team needed to ensure persistent effects on sensors. They identified a jar library on the Supervisor that is writable by root user. A jar is simply a zip file, with compiled Java bytecode inside. The team crafted a bytecode based on the original one, and simply replace some files inside the jar. The supervisor now runs the jar containing the malicious bytecode.<\/p>\n<figure id=\"attachment_3104\" aria-describedby=\"caption-attachment-3104\" style=\"width: 934px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Persistance.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3104 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Persistance.jpg\" alt=\"\" width=\"934\" height=\"534\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Persistance.jpg 934w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Persistance-300x172.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Persistance-768x439.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Persistance-696x398.jpg 696w\" sizes=\"auto, (max-width: 934px) 100vw, 934px\" \/><\/a><figcaption id=\"caption-attachment-3104\" class=\"wp-caption-text\">Figure 10: Persistence &#8211; Injection of a Jar Library (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<h6 style=\"text-align: left;\">With the METEORSTORM\u2122 framework, this translates to<\/h6>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Layer<\/strong><\/td>\n<td style=\"width: 86.3506%; text-align: center;\"><strong>Entry<\/strong><\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>AN<\/strong><\/td>\n<td style=\"width: 86.3506%;\">AN: ATT: Attack Path: 03: Reverse Shell Persistence Inside Payload<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Description<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Description: Attacker embedded a Java-based backdoor triggered via timing or command sequence, enabling session persistence.<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Source<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Source: Mapped from<\/p>\n<ul>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/PER-0002\/02\/\">SPARTA PER-0002.02<\/a>: Backdoor: Software<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-304\">EMB3D.TID-304<\/a>: Manipulate Runtime Environment<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-305.html\">EMB3D.TID-305<\/a>: Program Executes Dangerous System Calls<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-203.html\">EMB3D.TID-203<\/a>: Malicious OS Kernel Driver\/Module Installable<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-202.html\">EMB3D.TID-202<\/a>: Exploitable System Network Stack Component<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-307.html\">EMB3D.TID-307<\/a>: Device Code Representations Inconsistent<\/li>\n<li><a href=\"https:\/\/emb3d.mitre.org\/threats\/TID-308.html\">EMB3D.TID-308<\/a>: Code Overwritten to Avoid Detection<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 13.6494%; text-align: center;\"><strong>Target<\/strong><\/td>\n<td style=\"width: 86.3506%;\">Target: AST: SO: Software: 00: Experiment Execution Stack<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Step 5: OPS-SAT attack by tampering with camera and ADCS (AN: ATT: 04 \u2013 Operational Impact: Tampering with Camera &amp; ADCS)<br \/>\n<\/strong><\/p>\n<p>Once the team escalated as root and ensured persistency, they took control on the supervisor and the demo effects was achieved.<\/p>\n<figure id=\"attachment_3106\" aria-describedby=\"caption-attachment-3106\" style=\"width: 930px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Demo-Effects.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3106 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Demo-Effects.jpg\" alt=\"\" width=\"930\" height=\"526\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Demo-Effects.jpg 930w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Demo-Effects-300x170.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Demo-Effects-768x434.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/THALES-OPS-SAT-Demo-Effects-696x394.jpg 696w\" sizes=\"auto, (max-width: 930px) 100vw, 930px\" \/><\/a><figcaption id=\"caption-attachment-3106\" class=\"wp-caption-text\">Figure 11: Demo Effects &#8211; Tampering with Camera &amp; ADCS (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<h6 style=\"text-align: left;\">With the METEORSTORM\u2122 framework, this translates to<\/h6>\n<table style=\"border-collapse: collapse; width: 100%; height: 130px;\">\n<tbody>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>Layer<\/strong><\/td>\n<td style=\"width: 86.3506%; text-align: center; height: 26px;\"><strong>Entry<\/strong><\/td>\n<\/tr>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>AN<\/strong><\/td>\n<td style=\"width: 86.3506%; height: 26px;\">AN: ATT: Attack Path: 04: Payload Tampering \u2013 Camera and ADCS Control<\/td>\n<\/tr>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>Description<\/strong><\/td>\n<td style=\"width: 86.3506%; height: 26px;\">Description: With elevated access, attacker issued unauthorized commands to alter imaging, navigation, and attitude data.<\/td>\n<\/tr>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>Source<\/strong><\/td>\n<td style=\"width: 86.3506%; height: 26px;\">Source: Mapped from<\/p>\n<ul>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/EX-0012\/06\/\">SPARTA EX-0007.02<\/a>: Modify On\u2011Board Values: Science\/Payload Data<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>Target<\/strong><\/td>\n<td style=\"width: 86.3506%; height: 26px;\">Target:<\/p>\n<ul>\n<li>AST: HA: Hardware: 01: ADCS<\/li>\n<li>AST: HA: Hardware: 02: GPS Receiver<\/li>\n<li>AST: HA: Hardware: 03: Optical Sensors<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><strong>Step 6: Other potential effects (but non demonstrated)<br \/>\n<\/strong><\/p>\n<p>When adversaries target a spacecraft, their primary goal is often to disrupt the mission. This disruption can involve compromising imagery, intercepting signals, or other mission-critical functions. Thales Group demonstrated this by successfully manipulating the payload data transmitted from the spacecraft. They also identified additional potential impacts that could occur if attackers gain further access and maintain their presence, though these were not carried out. With root access and ongoing control, the range of possible attacks becomes virtually unlimited.<\/p>\n<ul>\n<li>They could alter\/delete all images captured by the camera<\/li>\n<li>They could override satellite attitude requested by other apps<\/li>\n<li>This also provides persistence for the malicious code since the supervisor starts early and is almost always running<\/li>\n<\/ul>\n<figure id=\"attachment_3116\" aria-describedby=\"caption-attachment-3116\" style=\"width: 954px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Others-Potential-Effects.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-3116 size-full\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Others-Potential-Effects.jpg\" alt=\"\" width=\"954\" height=\"542\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Others-Potential-Effects.jpg 954w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Others-Potential-Effects-300x170.jpg 300w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Others-Potential-Effects-768x436.jpg 768w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/03\/Others-Potential-Effects-696x395.jpg 696w\" sizes=\"auto, (max-width: 954px) 100vw, 954px\" \/><\/a><figcaption id=\"caption-attachment-3116\" class=\"wp-caption-text\">Figure 12: Other Potential Effects (Slide courtesy Thales Group)<\/figcaption><\/figure>\n<h6 style=\"text-align: left;\">With the METEORSTORM\u2122 framework, this translates to<\/h6>\n<table style=\"border-collapse: collapse; width: 100%; height: 130px;\">\n<tbody>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>Layer<\/strong><\/td>\n<td style=\"width: 86.3506%; text-align: center; height: 26px;\"><strong>Entry<\/strong><\/td>\n<\/tr>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>AN<\/strong><\/td>\n<td style=\"width: 86.3506%; height: 26px;\">AN: ATT: Attack Path: 05: Other potential effects (but non demonstrated)<\/td>\n<\/tr>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>Description<\/strong><\/td>\n<td style=\"width: 86.3506%; height: 26px;\">Description: Thales Group also identified additional potential impacts that could occur if attackers gain further access and maintain their presence, though these were not carried out.<\/td>\n<\/tr>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>Source<\/strong><\/td>\n<td style=\"width: 86.3506%; height: 26px;\">Source: Mapped from<\/p>\n<ul>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/EX-0012\/08\/\" data-subtechnique_id=\"EX-0012.08\">SPARTA EX-0012.08<\/a>: Modify On\u2011Board Values &#8211; Attitude Determination &amp; Control Subsystem<\/li>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/EX-0012\/09\/\" data-subtechnique_id=\"EX-0012.09\">SPARTA EX-0012.09<\/a>: Modify On\u2011Board Values &#8211; Electrical Power Subsystem<\/li>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/EXF-0003\/\">SPARTA EXF-0003<\/a>: Eavesdropping (Signal Interception)<\/li>\n<li><a href=\"https:\/\/sparta.aerospace.org\/technique\/IMP-0001\/\">SPARTA IMP-0001<\/a>: Deception (or Misdirection), Disruption, Denial, Degradation, Destruction<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr style=\"height: 26px;\">\n<td style=\"width: 13.6494%; text-align: center; height: 26px;\"><strong>Target<\/strong><\/td>\n<td style=\"width: 86.3506%; height: 26px;\">Target:<\/p>\n<ul>\n<li>AST: DA: Data: 00: Onboard Experiment &amp; Telemetry<\/li>\n<li>AST: SI: Signal: 00: S-Band Uplink Receiver<\/li>\n<li>AST: HA: Hardware: 03: SDR &amp; Optical Receiver: Software-defined radio, optical downlink receiver for communications<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Attack Path Summary Table<\/h2>\n<p>Here is a clean and structured table presenting all six stages of the OPS-SAT attack path (AN: ATT) mapped from SPARTA and EMB3D Technique(s).<\/p>\n<table>\n<thead>\n<tr>\n<th><strong>ID<\/strong><\/th>\n<th><strong>Phase<\/strong><\/th>\n<th><strong>Technique(s) &#8211; SPARTA \/ EMB3D Mapping (abbrev)<\/strong><\/th>\n<th><strong>Target Asset<\/strong><\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>ATT:00<\/td>\n<td>Initial Access<\/td>\n<td>Deserialization flaw (EX-0009, EX-0009.01, TID-326)<\/td>\n<td>AST: SO: ESA App Manager<\/td>\n<\/tr>\n<tr>\n<td>ATT:01<\/td>\n<td>Execution Modification<\/td>\n<td>Binary tampering Post-Upload (IA-0001.02, IA-0006, RD-0003.01, RD-0004.02, TID-301\/302\/etc)<\/td>\n<td>AST: FI: NMF Runtime<\/td>\n<\/tr>\n<tr>\n<td>ATT:02<\/td>\n<td>Privilege Escalation<\/td>\n<td>Privilege Escalation via CAN Bus (EX-0009.02, LM-0002, T1548, TID-114\/412\/204\/219)<\/td>\n<td>AST: HA: ARM-Based Computer<\/td>\n<\/tr>\n<tr>\n<td>ATT:03<\/td>\n<td>Persistence<\/td>\n<td>Persistence via Reverse Shell (PER-0002.02, TID-304\/305\/203\/202\/307\/308)<\/td>\n<td>AST: SO: Experiment Execution<\/td>\n<\/tr>\n<tr>\n<td>ATT:04<\/td>\n<td>Impact<\/td>\n<td>Camera\/ADCS tampering (EX-0007.02)<\/td>\n<td>AST: HA: ADCS, GPS, Optical Sensors<\/td>\n<\/tr>\n<tr>\n<td>ATT:05<\/td>\n<td>Other potential effects<\/td>\n<td>Modeled Additional Impacts like Eavesdropping, Deception (EX-0012.08, EX-0012.09, EXF-0003, IMP-0001)<\/td>\n<td>AST: DA, SI, HA (SDR &amp; Optics)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/ops_sat_attack_graph.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3173\" src=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/ops_sat_attack_graph.jpg\" alt=\"\" width=\"352\" height=\"774\" srcset=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/ops_sat_attack_graph.jpg 352w, https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/ops_sat_attack_graph-136x300.jpg 136w\" sizes=\"auto, (max-width: 352px) 100vw, 352px\" \/><\/a><\/p>\n<h2>Next steps to go further<\/h2>\n<p>After modeling the nominal state of the OPS-SAT platform with Function One &#8211; Concept of Operations (CONOPS) and after Threat Modeling the system with known and theoretical attack paths, the next step of this series of articles is to record resilience measures.<\/p>\n<p>At the end of this series, we will present the advantages of the METEORSTORM\u2122 framework for a Satellite System. We will summarize the key benefits of applying this approach to space assets. We will consolidate our findings, highlight the added value of the METEORSTORM\u2122 framework, and provide practical insights for system designers, cybersecurity architects, and mission planners.<\/p>\n<h2>Acknowledgments<\/h2>\n<p>Many thanks to ESA, to the CYSAT conference and to the Thales team for making this experiment possible, and for making it so enriching for the community.<\/p>\n<p>A big thank you also to the SPARTA team, who inspired this article and contribute to strengthening the cybersecurity of satellites and space systems.<\/p>\n<p>Congratulations to the ethicallyHackingspace (eHs)\u00ae team and William Ferguson for this amazing work!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Disclaimer Please be informed that the analysis detailed in this article is entirely separate from the hacking experiment conducted by the Thales team on the satellite. Both activities are independent of each other and were carried out by different teams. There is no association between me and the team that conducted the hacking experiment. This [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3177,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38,39,40,22,28],"tags":[],"class_list":{"0":"post-3182","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-en","8":"category-defense-en","9":"category-france-en","10":"category-hacking-en","11":"category-satellite-en"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1) - Space &amp; Cybersecurity Info<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1) - Space &amp; Cybersecurity Info\" \/>\n<meta property=\"og:description\" content=\"Disclaimer Please be informed that the analysis detailed in this article is entirely separate from the hacking experiment conducted by the Thales team on the satellite. Both activities are independent of each other and were carried out by different teams. There is no association between me and the team that conducted the hacking experiment. This [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/\" \/>\n<meta property=\"og:site_name\" content=\"Space &amp; Cybersecurity Info\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-16T18:17:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-16T18:54:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1020\" \/>\n\t<meta property=\"og:image:height\" content=\"615\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fran\u00e7ois Quiquet\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fran\u00e7ois Quiquet\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"17 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/\"},\"author\":{\"name\":\"Fran\u00e7ois Quiquet\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/person\\\/5e36ba49bf1d87a387c9ab60c233013c\"},\"headline\":\"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1)\",\"datePublished\":\"2025-07-16T18:17:49+00:00\",\"dateModified\":\"2025-07-16T18:54:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/\"},\"wordCount\":2861,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg\",\"articleSection\":[\"Cyber\",\"D\u00e9fense\",\"France\",\"Hacking\",\"Satellite\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/\",\"name\":\"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1) - Space &amp; Cybersecurity Info\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg\",\"datePublished\":\"2025-07-16T18:17:49+00:00\",\"dateModified\":\"2025-07-16T18:54:47+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg\",\"contentUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg\",\"width\":1020,\"height\":615},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\",\"name\":\"Space Cybersecurity Info\",\"description\":\"La cybers\u00e9curit\u00e9 appliqu\u00e9e au domaine de l&#039;espace\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#organization\",\"name\":\"Space Security Info\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/SSI-Logo-4.jpg\",\"contentUrl\":\"https:\\\/\\\/www.spacesecurity.info\\\/wp-content\\\/uploads\\\/2020\\\/05\\\/SSI-Logo-4.jpg\",\"width\":594,\"height\":144,\"caption\":\"Space Security Info\"},\"image\":{\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/#\\\/schema\\\/person\\\/5e36ba49bf1d87a387c9ab60c233013c\",\"name\":\"Fran\u00e7ois Quiquet\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g\",\"caption\":\"Fran\u00e7ois Quiquet\"},\"description\":\"(EN) I'm a cybersecurity engineer in network, telecommunication and embedded\\\/integrated systems. Founder of the website spacesecurity.info. Passionate about cybersecurity and space, I share my two passions through this site. My goal is to federate a community around these two themes. Join my LinkedIn Group. (FR) Je suis ing\u00e9nieur cybers\u00e9curit\u00e9 en r\u00e9seau, t\u00e9l\u00e9communication et syst\u00e8mes embarqu\u00e9s et int\u00e9gr\u00e9s. Fondateur du site spacesecurity.info. Passionn\u00e9 de cybers\u00e9curit\u00e9 et du monde de l'espace, j'ai souhait\u00e9 partager mes deux passions \u00e0 travers ce site. Mon objectif est de f\u00e9d\u00e9rer une communaut\u00e9 autour de ces deux th\u00e8mes. Rejoindre mon groupe LinkedIn.\",\"sameAs\":[\"https:\\\/\\\/www.spacesecurity.info\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/francoisquiquet\\\/\"],\"url\":\"https:\\\/\\\/www.spacesecurity.info\\\/en\\\/author\\\/francois\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1) - Space &amp; Cybersecurity Info","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/","og_locale":"en_US","og_type":"article","og_title":"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1) - Space &amp; Cybersecurity Info","og_description":"Disclaimer Please be informed that the analysis detailed in this article is entirely separate from the hacking experiment conducted by the Thales team on the satellite. Both activities are independent of each other and were carried out by different teams. There is no association between me and the team that conducted the hacking experiment. This [&hellip;]","og_url":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/","og_site_name":"Space &amp; Cybersecurity Info","article_published_time":"2025-07-16T18:17:49+00:00","article_modified_time":"2025-07-16T18:54:47+00:00","og_image":[{"width":1020,"height":615,"url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg","type":"image\/jpeg"}],"author":"Fran\u00e7ois Quiquet","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fran\u00e7ois Quiquet","Est. reading time":"17 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/#article","isPartOf":{"@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/"},"author":{"name":"Fran\u00e7ois Quiquet","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/person\/5e36ba49bf1d87a387c9ab60c233013c"},"headline":"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1)","datePublished":"2025-07-16T18:17:49+00:00","dateModified":"2025-07-16T18:54:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/"},"wordCount":2861,"commentCount":0,"publisher":{"@id":"https:\/\/www.spacesecurity.info\/en\/#organization"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg","articleSection":["Cyber","D\u00e9fense","France","Hacking","Satellite"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/","url":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/","name":"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1) - Space &amp; Cybersecurity Info","isPartOf":{"@id":"https:\/\/www.spacesecurity.info\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/#primaryimage"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg","datePublished":"2025-07-16T18:17:49+00:00","dateModified":"2025-07-16T18:54:47+00:00","breadcrumb":{"@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/#primaryimage","url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg","contentUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2025\/07\/An-analysis-of-the-Thales-satellite-hacking-demo-at-CYSAT-2023-with-the-METEORSTORM\u2122-framework-and-the-AI-CoPilot.jpg","width":1020,"height":615},{"@type":"BreadcrumbList","@id":"https:\/\/www.spacesecurity.info\/en\/an-analysis-of-the-thales-satellite-hacking-demo-at-cysat-2023-with-the-meteorstorm-framework-and-the-ai-copilot-part-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.spacesecurity.info\/en\/"},{"@type":"ListItem","position":2,"name":"An analysis of the Thales satellite hacking demo at CYSAT 2023 with the METEORSTORM\u2122 framework and the AI-CoPilot (Part 1)"}]},{"@type":"WebSite","@id":"https:\/\/www.spacesecurity.info\/en\/#website","url":"https:\/\/www.spacesecurity.info\/en\/","name":"Space Cybersecurity Info","description":"La cybers\u00e9curit\u00e9 appliqu\u00e9e au domaine de l&#039;espace","publisher":{"@id":"https:\/\/www.spacesecurity.info\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.spacesecurity.info\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.spacesecurity.info\/en\/#organization","name":"Space Security Info","url":"https:\/\/www.spacesecurity.info\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2020\/05\/SSI-Logo-4.jpg","contentUrl":"https:\/\/www.spacesecurity.info\/wp-content\/uploads\/2020\/05\/SSI-Logo-4.jpg","width":594,"height":144,"caption":"Space Security Info"},"image":{"@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.spacesecurity.info\/en\/#\/schema\/person\/5e36ba49bf1d87a387c9ab60c233013c","name":"Fran\u00e7ois Quiquet","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e50e669b3dbfb22c278a01d57cebe52e5b3900d3301faa1c4fefe35cd22d2186?s=96&d=mm&r=g","caption":"Fran\u00e7ois Quiquet"},"description":"(EN) I'm a cybersecurity engineer in network, telecommunication and embedded\/integrated systems. Founder of the website spacesecurity.info. Passionate about cybersecurity and space, I share my two passions through this site. My goal is to federate a community around these two themes. Join my LinkedIn Group. (FR) Je suis ing\u00e9nieur cybers\u00e9curit\u00e9 en r\u00e9seau, t\u00e9l\u00e9communication et syst\u00e8mes embarqu\u00e9s et int\u00e9gr\u00e9s. Fondateur du site spacesecurity.info. Passionn\u00e9 de cybers\u00e9curit\u00e9 et du monde de l'espace, j'ai souhait\u00e9 partager mes deux passions \u00e0 travers ce site. Mon objectif est de f\u00e9d\u00e9rer une communaut\u00e9 autour de ces deux th\u00e8mes. Rejoindre mon groupe LinkedIn.","sameAs":["https:\/\/www.spacesecurity.info","https:\/\/www.linkedin.com\/in\/francoisquiquet\/"],"url":"https:\/\/www.spacesecurity.info\/en\/author\/francois\/"}]}},"_links":{"self":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/3182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/comments?post=3182"}],"version-history":[{"count":2,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/3182\/revisions"}],"predecessor-version":[{"id":3186,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/posts\/3182\/revisions\/3186"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/media\/3177"}],"wp:attachment":[{"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/media?parent=3182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/categories?post=3182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.spacesecurity.info\/en\/wp-json\/wp\/v2\/tags?post=3182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}