System Network Connections Discovery
Adversaries may attempt to get a listing of network connections to or from the compromised device they are currently accessing or from remote systems by querying for information over the network.
Senses
Sense 1
Adversaries may attempt to get a listing of network connections to or from the compromised device they are currently accessing or from remote systems by querying for information over the network.
This is typically accomplished by utilizing device APIs to collect information about nearby networks, such as Wi-Fi, Bluetooth, and cellular tower connections. On Android, this can be done by querying the respective APIs:
-
WifiInfofor information about the current Wi-Fi connection, as well as nearby Wi-Fi networks. Querying theWiFiInfoAPI requires the application to hold theACCESS_FINE_LOCATIONpermission. -
BluetoothAdapterfor information about Bluetooth devices, which also requires the application to hold several permissions granted by the user at runtime. -
For Android versions prior to Q, applications can use the
TelephonyManager.getNeighboringCellInfo()method. For Q and later, applications can use theTelephonyManager.getAllCellInfo()method. Both methods require the application hold theACCESS_FINE_LOCATIONpermission.
- MITRE ATT&CK (Mobile, CTI STIX Data)Jan 06, 2026MITRE ATT&CK CTI (STIX bundle)https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/mobile-attack/mobile-attack.jsonSee repository LICENSE.txt for ATT&CK terms: non-exclusive royalty-free license; reproduce MITRE copyright + license in copies. Verify requirements before publishing quoted text.Source: MITRE ATT&CK (attack-stix-data).