1. Home
  2. Techniques
  3. Mobile
  4. Network Information Discovery

Network Information Discovery

Adversaries may use device sensors to collect information about nearby networks, such as Wi-Fi and Bluetooth.

ID: T1507
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Collection
Platforms: Android
Version: 1.0
Created: 10 July 2019
Last Modified: 10 July 2019
Provided by LAYER 8

Procedure Examples

ID Name Description
S0405 Exodus

Exodus Two collects a list of nearby base stations.[1]

S0509 FakeSpy

FakeSpy can collect the device’s network information.[2]
S0408 FlexiSpy

FlexiSpy can collect a list of known Wi-Fi access points.[3]

S0407 Monokle

Monokle can retrieve nearby cell tower and Wi-Fi network information.[4]
S0399 Pallas

Pallas gathers and exfiltrates data about nearby Wi-Fi access points.[5]
S0506 ViperRAT

ViperRAT can collect the device’s cell tower information.[6]

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

References

  1. Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.
  2. O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.
  3. FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.
  1. Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.
  2. Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.
  3. M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.