Threat Actors may modify file time attributes to hide new files or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder and blend malicious files with legitimate files.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.