Bandwidth Hijacking

Bandwidth Hijacking is a sophisticated sub-technique of Resource Hijacking under the Impact tactic where adversaries commandeer network bandwidth from compromised systems to facilitate their operations without the victim's knowledge. In this attack, threat actors leverage existing system resources to transmit large volumes of data over the victim's network infrastructure, potentially causing performance degradation, increased costs, or service disruptions. Attackers may implement malware that silently operates in the background to perform bandwidth-intensive activities such as hosting illegal content, participating in distributed denial-of-service attacks, or transmitting exfiltrated data. This technique often evades detection through throttling mechanisms that maintain bandwidth usage just below noticeable thresholds or by operating during periods of expected network activity. The financial impact can be substantial for organizations with metered internet connections, while the operational impact may manifest as reduced network performance affecting business-critical applications. Detecting bandwidth hijacking typically requires baseline network utilization monitoring, anomaly detection systems, and deep packet inspection to identify unauthorized data flows.