T1011.001 Exfiltration Over Bluetooth
Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an adversary may opt to exfiltrate data using a Bluetooth communication channel.
Adversaries may choose to do this if they have sufficient access and proximity. Bluetooth connections might not be secured or defended as well as the primary Internet-connected channel because they are not routed through the same enterprise network.
| Item | Value |
| --- | --- |
| ID | T1011.001 |
| Sub-techniques | T1011.001 |
| Tactics | TA0010 |
| Platforms | Linux, Windows, macOS |
| Version | 1.1 |
| Created | 09 March 2020 |
| Last Modified | 08 March 2022 |
Procedure Examples
| ID | Name | Description |
| --- | --- | --- |
| S0143 | Flame | Flame has a module named BeetleJuice that contains Bluetooth functionality that may be used in different ways, including transmitting encoded information from the infected system over the Bluetooth protocol, acting as a Bluetooth beacon, and identifying other Bluetooth devices in the vicinity. |
Mitigations
Detection
References