Alternate Network Mediums

Adversaries can communicate using cellular networks rather than enterprise Wi-Fi in order to bypass enterprise network monitoring systems. Adversaries may also communicate using other non-Internet Protocol mediums such as SMS, NFC, or Bluetooth to bypass network monitoring systems.

ID: T1438
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Platforms: Android, iOS
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Procedure Examples

ID Name Description
S0304 Android/Chuli.A

Android/Chuli.A used SMS to receive command and control messages.[1]

S0529 CarbonSteal

CarbonSteal has used specially crafted SMS messages to control the target device.[2]

S0505 Desert Scorpion

Desert Scorpion can be controlled using SMS messages.[3]

S0406 Gustuff

Gustuff can use SMS for command and control from a defined admin phone number.[4]

S0407 Monokle

Monokle can be controlled via email and SMS/phone call from a set of "control phones."[5]

S0316 Pegasus for Android

Pegasus for Android uses SMS for command and control.[6]

S0289 Pegasus for iOS

Pegasus for iOS uses SMS for command and control.[7]

S0295 RCSAndroid

RCSAndroid can use SMS for command and control.[8]

S0411 Rotexy

Rotexy can be controlled through SMS messages.[9]

S0327 Skygofree

Skygofree can be controlled via binary SMS.[10]

S0324 SpyDealer

SpyDealer enables remote control of the victim through SMS channels.[11]

S0328 Stealth Mango

Stealth Mango uses commands received from text messages for C2.[12]

S0427 TrickMo

TrickMo can be controlled via encrypted SMS message.[13]


This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.