Threat actors may deliver payloads to remote systems by adding content to shared storage locations, such as network drives or internal code repositories. Content stored on network drives or in other shared locations may be tainted by adding malicious programs, scripts, or exploit code to otherwise valid files. Once a user opens the shared tainted content, the malicious portion can be executed to run the adversary's code on a remote system. Threat actors may use tainted shared content to move laterally.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.