Adversaries may target and collect data from information repositories. This can include sensitive data such as specifications, schematics, or diagrams of control system layouts, devices, and processes. Chinese state-sponsored actors searched document repositories for specific information such as, system manuals, remote terminal unit (RTU) sites, personnel lists, and personnel lists. This information may be used to gain more information about the process itself or used as a trigger for malicious actions. An adversary may attempt to upload a program from a PLC to gather information about an industrial process.”]
Source: https://collaborate.mitre.org/attackics/index.php/Collection