JUST RELEASED: ATT&CK for Industrial Control Systems

Alternate Network Mediums

Adversaries can communicate using cellular networks rather than enterprise Wi-Fi in order to bypass enterprise network monitoring systems. Adversaries may also communicate using other non-Internet Protocol mediums such as SMS, NFC, or Bluetooth to bypass network monitoring systems.

ID: T1438
Tactic Type: Post-Adversary Device Access
Tactic: Command And Control, Exfiltration
Platform: Android, iOS
MTC ID: APP-30
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Procedure Examples

Name Description
Android/Chuli.A

Android/Chuli.A used SMS to receive command and control messages.[5]

Gustuff

Gustuff can use SMS for command and control from a defined admin phone number. [8]

Monokle

Monokle can be controlled via email and SMS/phone call from a set of "control phones."[9]

Pegasus for Android

Pegasus for Android uses SMS for command and control.[4]

Pegasus for iOS

Pegasus for iOS uses SMS for command and control.[2]

RCSAndroid

RCSAndroid can use SMS for command and control.[3]

Rotexy

Rotexy can be controlled through SMS messages.[10]

Skygofree

Skygofree can be controlled via binary SMS.[1]

SpyDealer

SpyDealer enables remote control of the victim through SMS channels.[7]

Stealth Mango

Stealth Mango uses commands received from text messages for C2.[6]

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

References