T1496.002 Bandwidth Hijacking

Sub-technique of T1496

Platforms: Linux · Windows · macOS · IaaS · Containers

ATT&CK version: v19.1

What it is

Adversaries may leverage the network bandwidth resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. Adversaries may also use malware that leverages a system's network bandwidth as part of a botnet in order to facilitate [Network Denial of Service](https://attack.mitre.org/techniques/T1498) campaigns and/or to seed malicious torrents.(Citation: GoBotKR) Alternatively, they may engage in proxyjacking by selling use of the victims' network bandwidth and IP address to proxyware services.(Citation: Sysdig Proxyjacking) Finally, they may engage in internet-wide scanning in order to identify additional targets for compromise.(Citation: Unit 42 Leaked Environment Variables 2024) In addition to incurring potential financial costs or availability disruptions, this technique may cause reputational damage if a victim’s bandwidth is used for illegal activities.(Citation: Sysdig Proxyjacking)

ATT&CK tactics · 1

Impact

References

  1. https://attack.mitre.org/techniques/T1496/002
  2. https://sysdig.com/blog/proxyjacking-attackers-log4j-exploited/
  3. https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
  4. https://www.welivesecurity.com/2019/07/08/south-korean-users-backdoor-torrents/
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.