MITRE ATT&CK / T1052
T1052
Exfiltration Over Physical Medium
Exfiltration
Description
Adversaries may attempt to exfiltrate data via a physical medium, such as a removable drive. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a physical medium or device introduced by a user. Such media could be an external hard drive, USB drive, cellular phone, MP3 player, or other removable storage and processing device. The physical medium or device could be used as the final exfiltration point or to hop between otherwise disconnected systems.
Platforms
LinuxmacOSWindows
Mitigations
- M1057 — Data Loss Prevention
- M1034 — Limit Hardware Installation
- M1042 — Disable or Remove Feature or Program
Look up any technique
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →