Exfiltration via SMS/MMS

A subject uses native mobile text messaging services, specifically Short Message Service (SMS) and Multimedia Messaging Service (MMS), to transmit sensitive organizational data to an external recipient. This behaviour enables data exfiltration through telecom-based channels that operate outside standard enterprise monitoring, logging, and data loss prevention controls.

Exfiltration via SMS is generally constrained to low-volume, text-based data such as credentials, contact lists, internal identifiers, or short excerpts of sensitive content. MMS expands this capability by allowing the transmission of images, screenshots, audio, or video, enabling higher-density data transfer including photographs or recordings of sensitive systems, documents, or physical environments.

The use of telecom-based messaging for data exfiltration presents significant investigative challenges. Evidence is frequently limited to device-level artifacts or external carrier records, which may be difficult to obtain. As such, this behaviour represents a high-risk exfiltration vector due to its low detectability, minimal technical barriers, and ability to bypass established security controls.