T1052.001 Exfiltration over USB

Adversaries may attempt to exfiltrate data over a USB-connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems.

NIST 800-53 Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| AC-16 | Security and Privacy Attributes | Protects | T1052.001 | Exfiltration over USB | |
| AC-2 | Account Management | Protects | T1052.001 | Exfiltration over USB | |
| AC-20 | Use of External Systems | Protects | T1052.001 | Exfiltration over USB | |
| AC-23 | Data Mining Protection | Protects | T1052.001 | Exfiltration over USB | |
| AC-3 | Access Enforcement | Protects | T1052.001 | Exfiltration over USB | |
| AC-6 | Least Privilege | Protects | T1052.001 | Exfiltration over USB | |
| CA-7 | Continuous Monitoring | Protects | T1052.001 | Exfiltration over USB | |
| CM-2 | Baseline Configuration | Protects | T1052.001 | Exfiltration over USB | |
| CM-6 | Configuration Settings | Protects | T1052.001 | Exfiltration over USB | |
| CM-7 | Least Functionality | Protects | T1052.001 | Exfiltration over USB | |
| CM-8 | System Component Inventory | Protects | T1052.001 | Exfiltration over USB | |
| MP-7 | Media Use | Protects | T1052.001 | Exfiltration over USB | |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1052.001 | Exfiltration over USB | |
| SA-8 | Security and Privacy Engineering Principles | Protects | T1052.001 | Exfiltration over USB | |
| SC-28 | Protection of Information at Rest | Protects | T1052.001 | Exfiltration over USB | |
| SC-41 | Port and I/O Device Access | Protects | T1052.001 | Exfiltration over USB | |
| SI-3 | Malicious Code Protection | Protects | T1052.001 | Exfiltration over USB | |
| SI-4 | System Monitoring | Protects | T1052.001 | Exfiltration over USB | |
| SR-4 | Provenance | Protects | T1052.001 | Exfiltration over USB | |