T1011.001SubTechniqueexfiltrationagent-callable

T1011.001Exfiltration Over Bluetooth

Sub-technique of T1011

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an adversary may opt to exfiltrate data using a Bluetooth communication channel. Adversaries may choose to do this if they have sufficient access and proximity. Bluetooth connections might not be secured or defended as well as the primary Internet-connected channel because it is not routed through the same enterprise network.

ATT&CK tactics· 1

Exfiltration

References

  1. https://attack.mitre.org/techniques/T1011/001
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.