216.73.217.22

T1052.001: Exfiltration over USB

View on MITRE ATT&CK The MITRE Corporation · Published 16/12/2025 19:38 · Modified 27/03/2026 01:11

Essential information

MITRE technique ID
T1052.001
Confidence
100/100
Revoked
No
Published
16/12/2025 19:38
Modified
27/03/2026 01:11
Author / Source
The MITRE Corporation

Aliases

T1052.001

Platforms

windows macos linux

Description

Adversaries may attempt to exfiltrate data over a USB connected physical device. In certain circumstances, such as an air-gapped network compromise, exfiltration could occur via a USB device introduced by a user. The USB device could be used as the final exfiltration point or to hop between otherwise disconnected systems.

Kill chain phases

Kill chainPhase
mitre-attack exfiltration

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.