Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| endpoint_management | Endpoint Management | technique_scores | T1052.001 | Exfiltration over USB |
| chronicle | Chronicle | technique_scores | T1052.001 | Exfiltration over USB |