This study addresses the critical threat posed by stealthy command-and-control (C2) channels that adversaries can exploit to conduct persistent, hard-to-detect security and privacy attacks once the 5G core network is compromised. For the first time, this work systematically proposes a method to chain together invisible C2 channels within the 5G core network. By integrating 5G protocol analysis, covert channel construction, and attack chain modeling, the research uncovers significant blind spots in existing defense mechanisms and successfully validates multiple attack pathways capable of evading current detection and mitigation techniques. These findings underscore the profound vulnerability of 5G infrastructure to supply-chain threats and highlight urgent needs for more robust defensive strategies.

Mobile networks are essential for modern societies. The most recent generation of mobile networks will be even more ubiquitous than previous ones. Therefore, the security of these networks as part of the critical infrastructure with essential communication services is of the uttermost importance. However, these systems are still vulnerable to being compromised, as showcased in the recent discussion on supply chain security and other challenges. This work addresses problems arising from compromised 5G core network components. The investigations reveal how attacks based on command and control communication can be designed so that they cannot be detected or prevented. This way, various attacks against the security and privacy of subscribers can be performed for which no effective countermeasures are available.