An APT attacks involves seven basic steps, according to Mandiant. Attackers research and identify individuals they will target in the attacks, using public search or other methods. From here, they move “laterally” within the victim’s network, installing backdoors here and there. “These are very sophisticated, determined, and coordinated activities,” Mandiant’s Malin says. “The attackers are not there to snatch and grab data. They are in there to stay awhile,” he says.”]
Source: https://www.darkreading.com/attacks-breaches/anatomy-of-a-targeted-persistent-attack