Establishing different ways to stay connected in the system, escalating privileges, and executing purpose of the access.
Once an attacker is inside a system, the next step is to expand out and move to new areas of the network. Usually, an attacker will gain control of a low-level user’s account, and will try to gain access to an administrator account. Attackers moving through systems and gaining escalating privileges is known as lateral movement. An attacker’s goal at this stage is to remain stealthy and to continuously gain more power within the network.