Register to stream ATT&CKcon 2.0 October 29-30

Alternate Network Mediums

Adversaries can communicate using cellular networks rather than enterprise Wi-Fi in order to bypass enterprise network monitoring systems. Adversaries may also communicate using other non-Internet Protocol mediums such as SMS, NFC, or Bluetooth to bypass network monitoring systems.

ID: T1438
Tactic Type: Post-Adversary Device Access
Tactic: Command And Control, Exfiltration
Platform: Android, iOS
MTC ID: APP-30
Version: 1.0

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

Examples

Name Description
Android/Chuli.A Android/Chuli.A used SMS to receive command and control messages. [5]
Pegasus for Android Pegasus for Android uses SMS for command and control. [4]
Pegasus for iOS Pegasus for iOS uses SMS for command and control. [2]
RCSAndroid RCSAndroid can use SMS for command and control. [3]
Skygofree Skygofree can be controlled via binary SMS. [1]
SpyDealer SpyDealer enables remote control of the victim through SMS channels. [7]
Stealth Mango Stealth Mango uses commands received from text messages for C2. [6]

References