Advanced persistent threats (APTs) rely on expensive, multi-staged tools that sometimes take years to develop, so, for their own operational security, APT operators need to be able to discover other malware on their target. A low-level malware operating on the same network might catch the attention of a target’s defense grid and risk the entire advanced campaign. So the APT operator must assess the risk of exposure and carefully plan their next steps. For example, they could try to compromise the other attacker’s tool and snatch the stolen data. If the other attacker has a strong foothold, the APT operator might choose an alternative endpoint, vector, or method, or even give up and move on to a new target. |