Alternate Network Mediums
Adversaries can communicate using cellular networks rather than enterprise Wi-Fi in order to bypass enterprise network monitoring systems. Adversaries may also communicate using other non-Internet Protocol mediums such as SMS, NFC, or Bluetooth to bypass network monitoring systems.
| Name | Description |
|---|---|
| Android/Chuli.A | Android/Chuli.A used SMS to receive command and control messages. |
| Gustuff | Gustuff can use SMS for command and control from a defined admin phone number. |
| Monokle | Monokle can be controlled via email and SMS/phone call from a set of "control phones." |
| Pegasus for Android | Pegasus for Android uses SMS for command and control. |
| Pegasus for iOS | Pegasus for iOS uses SMS for command and control. |
| RCSAndroid | RCSAndroid can use SMS for command and control. |
| Rotexy | Rotexy can be controlled through SMS messages. |
| Skygofree | Skygofree can be controlled via binary SMS. |
| SpyDealer | SpyDealer enables remote control of the victim through SMS channels. |
| Stealth Mango | Stealth Mango uses commands received from text messages for C2. |
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.