Threat actors may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.