Content exfiltration is
|“||[t]he transmission of the content of a communication from a collaborator, deliberately or unwittingly, to an attacker.||”|
|“||the attack in which the collaborator simply provides the attacker with the desired data or metadata.||”|
"Unlike the key exfiltration cases, this attack does not require the attacker to capture the desired data as it flows through the network. The risk is to data at rest as opposed to data in transit. This increases the scope of data that the attacker can obtain, since the attacker can access historical data — the attacker does not have to be listening at the time the communication happens."