Threat actors may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application. Threat actors may install malicious components to extend and abuse server applications.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.