Threat actors may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.