Alternate Network Mediums
Adversaries can communicate using cellular networks rather than enterprise Wi-Fi in order to bypass enterprise network monitoring systems. Adversaries may also communicate using other non-Internet Protocol mediums such as SMS, NFC, or Bluetooth to bypass network monitoring systems.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
| Name | Description |
|---|---|
| Android/Chuli.A | Android/Chuli.A used SMS to receive command and control messages. |
| Pegasus for Android | Pegasus for Android uses SMS for command and control. |
| Pegasus for iOS | Pegasus for iOS uses SMS for command and control. |
| RCSAndroid | RCSAndroid can use SMS for command and control. |
| Skygofree | Skygofree can be controlled via binary SMS. |
| SpyDealer | SpyDealer enables remote control of the victim through SMS channels. |
| Stealth Mango | Stealth Mango uses commands received from text messages for C2. |