216.73.217.22

T1011: Exfiltration Over Other Network Medium

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 27/03/2026 01:09

Essential information

MITRE technique ID
T1011
Confidence
100/100
Revoked
No
Published
16/12/2025 19:38
Modified
27/03/2026 01:09
Author / Source
The MITRE Corporation

Aliases

T1011

Platforms

windows macos linux

Description

Adversaries may attempt to exfiltrate data over a different network medium than the command and control channel. If the command and control network is a wired Internet connection, the exfiltration may occur, for example, over a WiFi connection, modem, cellular data connection, Bluetooth, or another radio frequency (RF) channel. Adversaries may choose to do this if they have sufficient access or proximity, and the connection might not be secured or defended as well as the primary Internet-connected channel because it is not routed through the same enterprise network.

Kill chain phases

Kill chainPhase
mitre-attack exfiltration

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.