In most cases the goal of an APT campaign is the theft of intellectual property or confidential information, or access to specific systems within the target organization’s network. For example, adversaries usually target patented technologies, diplomatic information, or access to the computers of researchers and executives in order to monitor their activity. Because the asset of interest is usually in digital form, the theft is hard to detect, which allows the adversaries to commit the crime without being noticed.
Asset discovery usually happens during the lateral movement phase. Depending on the asset type, the lateral movement stage might vary in length, as it’s not always possible to quickly determine where the data of interest is stored. Attackers try to perform basic network reconnaissance in order to map servers on the network. Additional information gathering might take place during the lateral movement stage. Once the target is identified, adversaries try to gain access to the server and extract the desired digital information.
After access is gained to the server where the assets of interest are stored, the samples are validated. Discovery of additional assets might be performed if the APT group suspects that the identified digital information is partial. Once enough data is discovered, the data exfiltration stage begins, during which the intellectual property, confidential information, etc. is copied over the network.