Small satellites increasingly rely on Commercial Off-The-Shelf (COTS) hardware, significantly expanding their attack surface; however, the stealthiness of insider threats within their supply chain and the feasibility of multi-vector attacks remain unexplored systematically. Method: This paper introduces SpyChain—the first end-to-end hardware supply-chain attack framework tailored for small satellites—featuring a taxonomy of five stealthy attack scenarios and uncovering novel multi-component collaborative execution techniques. Leveraging NASA’s NOS3 simulation platform, we implement hardware-level implants, runtime monitoring evasion, and dynamically coordinated malware. Contribution/Results: Our attacks achieve undetectable telemetry exfiltration, operational disruption, and denial-of-service while ensuring persistence and evading detection. We further propose and validate a lightweight onboard defense mechanism. The findings have been integrated into the SPARTA matrix and formally acknowledged by the NASA NOS3 team.

Small satellites are integral to scientific, commercial, and defense missions, but reliance on commercial off-the-shelf (COTS) hardware broadens their attack surface. Although supply chain threats are well studied in other cyber-physical domains, their feasibility and stealth in space systems remain largely unexplored. Prior work has focused on flight software, which benefits from strict security practices and oversight. In contrast, auxiliary COTS components often lack robust assurance yet enjoy comparable access to critical on-board resources, including telemetry, system calls, and the software bus. Despite this privileged access, the insider threat within COTS hardware supply chains has received little attention. In this work, we present SpyChain, the first end-to-end design and implementation of independent and colluding hardware supply chain threats targeting small satellites. Using NASA's satellite simulation (NOS3), we demonstrate that SpyChain can evade testing, exfiltrate telemetry, disrupt operations, and launch Denial of Service (DoS) attacks through covert channels that bypass ground monitoring. Our study traces an escalation from a simple solo component to dynamic, coordinating malware, introducing a taxonomy of stealth across five scenarios. We showcase how implicit trust in auxiliary components enables covert persistence and reveal novel attack vectors, highlighting a new multi-component execution technique that is now incorporated into the SPARTA matrix. Our findings are reinforced by acknowledgment and affirmation from NASA's NOS3 team. Finally, we implement lightweight onboard defenses, including runtime monitoring, to mitigate threats like SpyChain.