T1496.002 Bandwidth Hijacking
Adversaries may leverage the network bandwidth resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
Adversaries may also use malware that leverages a system’s network bandwidth as part of a botnet in order to facilitate Network Denial of Service campaigns and/or to seed malicious torrents.[3] Alternatively, they may engage in proxyjacking by selling use of the victims’ network bandwidth and IP address to proxyware services.[1] Finally, they may engage in internet-wide scanning in order to identify additional targets for compromise.[2]
In addition to incurring potential financial costs or availability disruptions, this technique may cause reputational damage if a victim’s bandwidth is used for illegal activities.[1]
| Item | Value |
|---|---|
| ID | T1496.002 |
| Sub-techniques | T1496.001, T1496.002, T1496.003, T1496.004 |
| Tactics | TA0040 |
| Platforms | Containers, IaaS, Linux, Windows, macOS |
| Version | 1.0 |
| Created | 25 September 2024 |
| Last Modified | 15 April 2025 |
References
1. Crystal Morin. (2023, April 4). Proxyjacking has Entered the Chat. Retrieved July 6, 2023.
2. Margaret Kelley, Sean Johnstone, William Gamazo, and Nathaniel Quist. (2024, August 15). Leaked Environment Variables Allow Large-Scale Extortion Operation in Cloud Environments. Retrieved September 25, 2024.
3. Zuzana Hromcová. (2019, July 8). Malicious campaign targets South Korean users with backdoor‑laced torrents. Retrieved March 31, 2022.