Boot or Logon Initialization Scripts

Adversaries may use scripts automatically executed at boot or logon initialization to establish persistence. This technique allows adversaries to execute commands, scripts, or binaries during the boot-up or logon process, enabling them to establish a foothold and ensure continued access to the vehicle's systems.

Adversaries may use these scripts to maintain persistence on a single system. Depending on the access configuration of the logon scripts, either local credentials or an administrator account may be necessary.

An adversary may also be able to escalate their privileges since some boot or logon initialization scripts run with higher privileges.

ID: T2020
Sub-techniques: No sub-techniques
Tactic: Persistence
Version: 1.0
Created: 03 December 2023
Last Modified: 03 December 2023
ATT&CK Reference: T1037

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.