Spear-phishing with malicious attachments
Exploitation of public-facing vulnerabilities (CVEs)
Custom malware deployment (Backdoors, RATs, Info-stealers)
Credential harvesting via fake login pages
Supply chain compromise
Lateral movement via SMB and WMI
Data exfiltration via encrypted C2 channels