Exfiltration
The unauthorized transfer of data from a system or network to a location controlled by an attacker.
Full Definition
Data exfiltration is the unauthorized copying, transfer, or retrieval of data from a victim's system to a location controlled by a threat actor. It represents the culmination of most data breach attacks and is a primary objective in both espionage and financially motivated intrusions.
Exfiltration techniques vary widely: HTTP/S transfers to attacker-controlled servers, DNS tunneling, encrypted archive uploads, email forwarding, and cloud storage abuse (uploading to Dropbox, Google Drive, etc.) are all common methods designed to blend in with normal traffic.
For infostealer malware, exfiltration is automated and near-instantaneous: credentials, browser cookies, crypto wallet files, and documents are harvested and transmitted to command-and-control (C2) infrastructure within minutes of infection. Detecting exfiltration requires deep packet inspection, data loss prevention (DLP) tools, and network traffic anomaly detection; because encrypted archives and TLS hide payload contents from inspection, baselining outbound volume and destinations per host matters as much as looking at the data itself.
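The two detection approaches the entry names, anomaly detection on network traffic and inspection of what leaves the network, can be shown concretely. The following is an added example, not code from the original page or from Whiteintel: it runs two heuristics over constructed sample logs, one for DNS tunneling (repeated long, high-entropy subdomain labels to a single registered domain) and one for bulk outbound transfers to destinations the host has never contacted. The log formats, the thresholds, and the two-label approximation of a registered domain are assumptions chosen for illustration, not vendor defaults.

```python
"""Heuristic exfiltration detection over constructed sample logs (added example)."""
import math
from collections import defaultdict

# Constructed sample DNS query log: (client_ip, queried_name). 10.0.0.7 is the
# host that emits the tunnel-shaped queries; the others are ordinary lookups.
DNS_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.5", "cdn-assets-01.example.com"),
    # long but low-entropy label: must not trip the entropy check
    ("10.0.0.5", "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.static.example.com"),
    # one long high-entropy label: below the hit threshold, must not be flagged
    ("10.0.0.5", "5f3a9c1e7b2d4f6a8c0e2b4d6f8a1c3e5b7d9f1.validation.example.com"),
    ("10.0.0.7", "www.example.com"),
    ("10.0.0.7", "kq7zx2mt9pav4lw3c8bn6hjd0ery1suf5gio.t.badtunnel.example"),
    ("10.0.0.7", "b4n8m1q6z0x3v7c2l5k9j1h4g8f2d6s0a3p7w.t.badtunnel.example"),
    ("10.0.0.7", "r2t6y0u4i8o1p5a9s3d7f1g5h9j2k6l0z4x8c.t.badtunnel.example"),
    ("10.0.0.7", "e1w5q9t3y7u1i5o9p2a6s0d4f8g2h6j0k4l8m.t.badtunnel.example"),
]

# Constructed sample flow records: (src_ip, dst_ip, bytes_out). Addresses are
# from the RFC 5737 documentation ranges.
FLOWS = [
    ("10.0.0.5", "203.0.113.10", 1_200_000),
    ("10.0.0.5", "203.0.113.10", 900_000),
    ("10.0.0.7", "198.51.100.44", 80_000_000),   # never-seen destination
    ("10.0.0.7", "198.51.100.44", 45_000_000),
    ("10.0.0.9", "203.0.113.10", 200_000_000),   # known destination, unusual volume
]

# Assumed baseline of destinations the organisation normally talks to.
KNOWN_DESTINATIONS = {"203.0.113.10"}


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Last two labels of a hostname. Assumption for illustration only: a real
    tool would consult the public suffix list so 'x.co.uk' is handled correctly."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def detect_dns_tunneling(dns_log, min_label_len=30, min_entropy=3.5, min_hits=3):
    """Return {(client, domain): hits} for clients that sent at least `min_hits`
    queries whose leftmost label is both long and high-entropy to one registered
    domain. Data encoded into subdomains is the classic DNS-tunnel signature."""
    hits = defaultdict(int)
    for client, qname in dns_log:
        first_label = qname.split(".", 1)[0]
        if len(first_label) >= min_label_len and shannon_entropy(first_label) >= min_entropy:
            hits[(client, registered_domain(qname))] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}


def detect_bulk_egress(flows, known_destinations, threshold_bytes=50_000_000):
    """Sum outbound bytes per (src, dst) and return the pairs above
    `threshold_bytes`, noting whether the destination is absent from the baseline."""
    totals = defaultdict(int)
    for src, dst, out_bytes in flows:
        totals[(src, dst)] += out_bytes
    return [
        {"src": src, "dst": dst, "bytes_out": total,
         "new_destination": dst not in known_destinations}
        for (src, dst), total in sorted(totals.items())
        if total > threshold_bytes
    ]


if __name__ == "__main__":
    for (client, domain), n in detect_dns_tunneling(DNS_LOG).items():
        print(f"possible DNS tunnel: {client} -> {domain} ({n} encoded queries)")
    for alert in detect_bulk_egress(FLOWS, KNOWN_DESTINATIONS):
        kind = "new destination" if alert["new_destination"] else "known destination"
        print(f"bulk egress: {alert['src']} -> {alert['dst']} "
              f"{alert['bytes_out'] / 1e6:.0f} MB ({kind})")
```

The two rules are deliberately independent: the DNS rule would catch a slow, low-volume tunnel that never exceeds the byte threshold, while the egress rule catches an encrypted archive pushed over HTTPS whose contents no inspection engine can read. Both are starting points for tuning against a real baseline, not finished detections.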
Related Terms
Infostealer (Malware & Infrastructure)
Malware designed to silently harvest credentials, cookies, and sensitive data from infected devices.
Command and Control (C2/C&C) (Malware & Infrastructure)
Infrastructure used by threat actors to remotely communicate with and control compromised systems.
Lateral Movement (Attack Types)
Techniques used by attackers to progressively move through a network after initial compromise.
Data Breach (Data & Leaks)
A security incident in which protected or confidential data is accessed, stolen, or disclosed without authorization.
Monitor Your Exposure on Whiteintel
Understanding threats is the first step. Whiteintel continuously monitors dark web sources, stealer logs, and breach databases so you know the moment your organization's data is at risk.