Threat actors may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.