Threat actors may achieve persistence by leveraging OAuth application integrations in a software-as-a-service environment. Threat actors may create a custom application, add a legitimate application into the environment, or even co-opt an existing integration to achieve malicious ends.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.