Spearphishing via malicious attachments
Deployment of custom Remote Access Trojans (RATs)
Exploitation of vulnerabilities in edge network devices (routers/firewalls)
Credential harvesting
Lateral movement via Living-off-the-Land (LotL) techniques
Data exfiltration via encrypted C2 channels