Fallback Channels (T1008)

Tactic: Command and Control

Tactics: Command and Control
Platforms: ESXi, Linux, macOS, Windows
Reference: attack.mitre.org/techniques/T1008

Description

Adversaries may use fallback or alternate communication channels if the primary channel is compromised or inaccessible in order to maintain reliable command and control and to avoid data transfer thresholds.

How GTK Cyber trains on this

GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Command and Control tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.

Threat Hunting with Data Science → · All training courses

Related techniques

T1001 — Data Obfuscation
T1071 — Application Layer Protocol
T1090 — Proxy
T1092 — Communication Through Removable Media
T1095 — Non-Application Layer Protocol
T1102 — Web Service
T1104 — Multi-Stage Channels
T1105 — Ingress Tool Transfer
T1132 — Data Encoding
T1205 — Traffic Signaling
T1219 — Remote Access Tools
T1568 — Dynamic Resolution

Train your team to detect attacks like this.

GTK Cyber's Threat Hunting with Data Science course is taught by practitioners who detect this stuff for a living.

Explore Threat Hunting Training