Once established within a system or network, threat actors may use automated techniques for collecting internal data. Methods for performing this technique could include use of a Command and Scripting Interpreter to search for and copy information fitting set criteria such as file type, location, or name at specific time intervals.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.