A reverse SSH shell. Look that up. Works behind any router, firewall except maybe if specifically blocking SSH but then they could also use a similar concept and obfuscate that traffic. This could be activated as soon as the processor sees a special “codeword” (any pattern).