T1052.001

Exfiltration over USB

SUB-TECHNIQUE Exfiltration

Description

Adversaries may attempt to exfiltrate data over a USB-connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems.

Platforms

Linux, Windows, macOS

Mitigations

  • M1042 — Disable or Remove Feature or Program
  • M1034 — Limit Hardware Installation
  • M1057 — Data Loss Prevention

Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →