TECHNIQUES
- Home
- Techniques
- Mobile
- Network Information Discovery
Network Information Discovery
Adversaries may use device sensors to collect information about nearby networks, such as Wi-Fi and Bluetooth.
ID: T1507
Sub-techniques:
No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic:
Collection
Platforms: Android
Version: 1.0
Created: 10 July 2019
Last Modified: 10 July 2019
Procedure Examples
Name | Description |
---|---|
Exodus | |
FakeSpy | |
FlexiSpy |
FlexiSpy can collect a list of known Wi-Fi access points.[3] |
Monokle |
Monokle can retrieve nearby cell tower and Wi-Fi network information.[4] |
Pallas |
Pallas gathers and exfiltrates data about nearby Wi-Fi access points.[5] |
ViperRAT |
ViperRAT can collect the device’s cell tower information.[6] |
Mitigations
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
References
- Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.
- O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.
- FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.
- Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.
- Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.
- M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.
×