- Tactics
- Impact
- Platforms
- Linux, Windows, macOS, IaaS, Containers
- Reference
- attack.mitre.org/techniques/T1496.002
Description
Adversaries may leverage the network bandwidth resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
Adversaries may also use malware that leverages a system’s network bandwidth as part of a botnet in order to facilitate Network Denial of Service campaigns and/or to seed malicious torrents.(Citation: GoBotKR) Alternatively, they may engage in proxyjacking by selling use of the victims’ network bandwidth and IP address to proxyware services.(Citation: Sysdig Proxyjacking) Finally, they may engage in internet-wide scanning in order to identify additional targets for compromise.(Citation: Unit 42 Leaked Environment Variables 2024)
In addition to incurring potential financial costs or availability disruptions, this technique may cause reputational damage if a victim’s bandwidth is used for illegal activities.(Citation: Sysdig Proxyjacking)
How GTK Cyber trains on this
GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Impact tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.
Related techniques
- T1485 — Data Destruction
- T1486 — Data Encrypted for Impact
- T1489 — Service Stop
- T1490 — Inhibit System Recovery
- T1491 — Defacement
- T1495 — Firmware Corruption
- T1496 — Resource Hijacking
- T1498 — Network Denial of Service
- T1499 — Endpoint Denial of Service
- T1529 — System Shutdown/Reboot
- T1531 — Account Access Removal
- T1561 — Disk Wipe