Alternate Network Mediums

Adversaries can communicate using cellular networks rather than enterprise Wi-Fi in order to bypass enterprise network monitoring systems. Adversaries may also communicate using other non-Internet Protocol mediums such as SMS, NFC, or Bluetooth to bypass network monitoring systems.

ID: T1438
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactics: Command And Control, Exfiltration
Platforms: Android, iOS
MTC ID: APP-30
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Procedure Examples

Name Description
Android/Chuli.A

Android/Chuli.A used SMS to receive command and control messages.[1]

Desert Scorpion

Desert Scorpion can be controlled using SMS messages.[2]

Gustuff

Gustuff can use SMS for command and control from a defined admin phone number.[3]

Monokle

Monokle can be controlled via email and SMS/phone call from a set of "control phones."[4]

Pegasus for Android

Pegasus for Android uses SMS for command and control.[5]

Pegasus for iOS

Pegasus for iOS uses SMS for command and control.[6]

RCSAndroid

RCSAndroid can use SMS for command and control.[7]

Rotexy

Rotexy can be controlled through SMS messages.[8]

Skygofree

Skygofree can be controlled via binary SMS.[9]

SpyDealer

SpyDealer enables remote control of the victim through SMS channels.[10]

Stealth Mango

Stealth Mango uses commands received from text messages for C2.[11]

TrickMo

TrickMo can be controlled via encrypted SMS message.[12]

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

References