← Back to Explore
T1020.001
Traffic Duplication
Adversaries may leverage traffic mirroring in order to automate data exfiltration over compromised infrastructure. Traffic mirroring is a native feature for some devices, often used for network analysis. For example, devices may be configured to forward network traffic to one or more destinations for analysis by a network analyzer or other monitoring device. (Citation: Cisco Traffic Mirroring)(Citation: Juniper Traffic Mirroring) Adversaries may abuse traffic mirroring to mirror or redirect net...
Network DevicesIaaS
1
Detections
1
Sources
0
Threat Actors
BY SOURCE
1splunk_escu
PROCEDURES (1)
Network Connection Monitoring1 detections
Auto-extracted: 1 detections for network connection monitoring