Every operation has an objective, and some involve threat actors harvesting data. The data points typically include personally identifiable information, financial data, intellectual property, credentials, authentication tokens, etc. Data can be harvested for extortion, but it can also be leveraged for subsequent phases of an operation, such as lateral movement. Threat actors’ techniques for collecting data include gathering information from shared and cloud drives, archives, clipboards, removable media, and email folders. They can also collect additional information through screen captures and keyloggers or man-in-the-middle proxies.