The processes and tools behind a true APT campaign: Exfiltration

In this final stage of the APT campaign, all other phases have been completed and data is likely about to be removed from the network

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

This article is part of a series about APT campaigns. The other topics covered in this series are reconnaissance, weaponization and delivery, exploitation and installation, and command and control.

In part five of a series on understanding the processes and tools behind an APT-based incident, CSO examines the exfiltration phase. At this point, all of the other phases are complete, and if the campaign hasn't been halted before now, it's likely that data will be removed from the network.

[Data exfiltration: How data gets out]

To continue reading this article register now