Alternate Network Mediums

Adversaries can communicate using cellular networks rather than enterprise Wi-Fi in order to bypass enterprise network monitoring systems. Adversaries may also communicate using other non-Internet Protocol mediums such as SMS, NFC, or Bluetooth to bypass network monitoring systems.

ID: T1438
Tactic Type: Post-Adversary Device Access
Tactic: Command And Control, Exfiltration
Platform: Android, iOS
Version: 1.0

Procedure Examples

Name Description
Android/Chuli.A Android/Chuli.A used SMS to receive command and control messages. [5]
Gustuff Gustuff can use SMS for command and control from a defined admin phone number. [8]
Monokle Monokle can be controlled via email and SMS/phone call from a set of "control phones." [9]
Pegasus for Android Pegasus for Android uses SMS for command and control. [4]
Pegasus for iOS Pegasus for iOS uses SMS for command and control. [2]
RCSAndroid RCSAndroid can use SMS for command and control. [3]
Rotexy Rotexy can be controlled through SMS messages. [10]
Skygofree Skygofree can be controlled via binary SMS. [1]
SpyDealer SpyDealer enables remote control of the victim through SMS channels. [7]
Stealth Mango Stealth Mango uses commands received from text messages for C2. [6]


This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.