Spear-phishing with malicious attachments
Exploitation of edge-facing vulnerabilities (VPNs, Firewalls, Routers)
Living-off-the-land (LotL) techniques
DLL Side-loading
Use of Cobalt Strike for post-exploitation
Credential harvesting via fake login portals
Custom malware deployment (e.g., various loaders and backdoors)
Supply chain compromise