Adversaries may attempt to exfiltrate data over Bluetooth rather than the command and control channel. If the command and control network is a wired Internet connection, an attacker may opt to exfiltrate data using a Bluetooth communication channel.
Adversaries may choose to do this if they have sufficient access and proximity. Bluetooth connections might not be secured or defended as well as the primary Internet-connected channel because they are not routed through the same enterprise network.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
AC-18 | Wireless Access | Protects | T1011.001 | Exfiltration Over Bluetooth |
CM-2 | Baseline Configuration | Protects | T1011.001 | Exfiltration Over Bluetooth |
CM-6 | Configuration Settings | Protects | T1011.001 | Exfiltration Over Bluetooth |
CM-7 | Least Functionality | Protects | T1011.001 | Exfiltration Over Bluetooth |
CM-8 | System Component Inventory | Protects | T1011.001 | Exfiltration Over Bluetooth |
RA-5 | Vulnerability Monitoring and Scanning | Protects | T1011.001 | Exfiltration Over Bluetooth |
SI-3 | Malicious Code Protection | Protects | T1011.001 | Exfiltration Over Bluetooth |
SI-4 | System Monitoring | Protects | T1011.001 | Exfiltration Over Bluetooth |
action.malware.variety.Export data | Export data to another site or system | related-to | T1011.001 | Exfiltration Over Other Network Medium: Exfiltration Over Bluetooth |