Towards the end of an operation, threat actors – depending on their objectives – will need to exfiltrate discovered and archived data from compromised devices. To avoid detection, they will leverage a number of tactics and techniques. For example, threat actors can use a compromised server for exfiltration or leverage cloud storage such as Google Drive or Dropbox to remove data from the compromised network.