T1052.001 Exfiltration over USB Mappings

Adversaries may attempt to exfiltrate data over a USB-connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-16 | Security and Privacy Attributes | Protects | T1052.001 | Exfiltration over USB |
| AC-02 | Account Management | Protects | T1052.001 | Exfiltration over USB |
| AC-20 | Use of External Systems | Protects | T1052.001 | Exfiltration over USB |
| AC-23 | Data Mining Protection | Protects | T1052.001 | Exfiltration over USB |
| AC-03 | Access Enforcement | Protects | T1052.001 | Exfiltration over USB |
| AC-06 | Least Privilege | Protects | T1052.001 | Exfiltration over USB |
| CA-07 | Continuous Monitoring | Protects | T1052.001 | Exfiltration over USB |
| CM-02 | Baseline Configuration | Protects | T1052.001 | Exfiltration over USB |
| CM-06 | Configuration Settings | Protects | T1052.001 | Exfiltration over USB |
| CM-07 | Least Functionality | Protects | T1052.001 | Exfiltration over USB |
| CM-08 | System Component Inventory | Protects | T1052.001 | Exfiltration over USB |
| MP-07 | Media Use | Protects | T1052.001 | Exfiltration over USB |
| RA-05 | Vulnerability Monitoring and Scanning | Protects | T1052.001 | Exfiltration over USB |
| SA-08 | Security and Privacy Engineering Principles | Protects | T1052.001 | Exfiltration over USB |
| SC-28 | Protection of Information at Rest | Protects | T1052.001 | Exfiltration over USB |
| SC-41 | Port and I/O Device Access | Protects | T1052.001 | Exfiltration over USB |
| SI-03 | Malicious Code Protection | Protects | T1052.001 | Exfiltration over USB |
| SI-04 | System Monitoring | Protects | T1052.001 | Exfiltration over USB |
| SR-04 | Provenance | Protects | T1052.001 | Exfiltration over USB |