After the initial intrusion, APT groups will explore and map the network to determine the next best steps for lateral movement across the organization. By installing a series of backdoors, which allow them to access the network from multiple entry points, they can continue to perform reconnaissance and install hidden malware.
They can also attempt to crack passwords and gain administrative rights to secure areas where sensitive data resides. Most importantly, attackers will create a connection to an external command and control server for remote management of the hacked systems.