Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.
|S0490||XLoader for iOS|
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
Exfiltration over C2 channel can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.