TA005 Persistence · T005.004 — Technique
Cloud Backend Persistence
Maintenance of unauthorized access to cloud-based fleet management, telemetry storage, or UTM backend systems.
Sub-techniques (4)
- API key theft and reuse
- OAuth refresh token persistence
- Cloud function backdoor
- Database credential persistence
Applicable countermeasures
CM-003 Firmware Integrity and Secure Boot
Cryptographic signing and hardware-enforced verification of all firmware images at boot using a hardware root of trust.
NIST SP 800-53 SI-7 · NIST SP 800-193 · DO-326A · IEC 62443-4-2 CR 3.4
CM-007 Physical Debug Interface Protection
Disabling or cryptographically protecting all JTAG/UART/USB debug interfaces on production hardware.
NIST SP 800-53 AC-3 · IEC 62443-4-2 CR 1.1 · NIST SP 800-193 · DO-326A Sec 5
CM-008 GCS Network Segmentation and Hardening
Isolation of GCS from enterprise networks, least-privilege access enforcement, host hardening, and network anomaly detection.
NIST SP 800-53 SC-7 · CIS Controls v8 Control 12 · ISO/IEC 27001 A.13 · NSA/CISA Segmentation Guide
CM-010 Swarm Node Mutual Authentication
Open in the interactive matrix
Cryptographic mutual authentication between all swarm nodes with message integrity to prevent rogue insertion and hopping.
NIST SP 800-53 IA-3 · IEEE 1609.2 · STANAG 4586 · IEC 62443-3-3 SR 1.2