Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ATTACK
  3. >Impact
  4. >ATTACK-T1496.002
ATTACK-T1496.002Active

Bandwidth Hijacking

Statement

Adversaries may leverage the network bandwidth resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.

Adversaries may also use malware that leverages a system's network bandwidth as part of a botnet in order to facilitate Network Denial of Service campaigns and/or to seed malicious torrents.(Citation: GoBotKR) Alternatively, they may engage in proxyjacking by selling use of the victims' network bandwidth and IP address to proxyware services.(Citation: Sysdig Proxyjacking) Finally, they may engage in internet-wide scanning in order to identify additional targets for compromise.(Citation: Unit 42 Leaked Environment Variables 2024)

In addition to incurring potential financial costs or availability disruptions, this technique may cause reputational damage if a victim’s bandwidth is used for illegal activities.(Citation: Sysdig Proxyjacking)

Location

Tactic
Impact

Technique Details

Identifier
ATTACK-T1496.002
Parent Technique
ATTACK-T1496
ATT&CK Page
View on MITRE

Tactics

Impact

Platforms

LinuxWindowsmacOSIaaSContainers

Detection

Detect Excessive or Unauthorized Bandwidth Usage for Botnet, Proxyjacking, or Scanning Purposes

No cross-framework mappings available

← Back to Impact
Impact33 controls
ATTACK-T1485Data DestructionATTACK-T1485.001Lifecycle-Triggered DeletionATTACK-T1486Data Encrypted for ImpactATTACK-T1489Service StopATTACK-T1490Inhibit System RecoveryATTACK-T1491DefacementATTACK-T1491.001Internal DefacementATTACK-T1491.002External DefacementATTACK-T1495Firmware CorruptionATTACK-T1496Resource HijackingATTACK-T1496.001Compute HijackingATTACK-T1496.002Bandwidth HijackingATTACK-T1496.003SMS PumpingATTACK-T1496.004Cloud Service HijackingATTACK-T1498Network Denial of ServiceATTACK-T1498.001Direct Network FloodATTACK-T1498.002Reflection AmplificationATTACK-T1499Endpoint Denial of ServiceATTACK-T1499.001OS Exhaustion FloodATTACK-T1499.002Service Exhaustion FloodATTACK-T1499.003Application Exhaustion FloodATTACK-T1499.004Application or System ExploitationATTACK-T1529System Shutdown/RebootATTACK-T1531Account Access RemovalATTACK-T1561Disk WipeATTACK-T1561.001Disk Content WipeATTACK-T1561.002Disk Structure WipeATTACK-T1565Data ManipulationATTACK-T1565.001Stored Data ManipulationATTACK-T1565.002Transmitted Data ManipulationATTACK-T1565.003Runtime Data ManipulationATTACK-T1657Financial TheftATTACK-T1667Email Bombing