Common Actions on Objectives
- Lateral movement to other hosts on the network
- Data deletion
- Data theft
- Data encryption
- Setting up and executing malicious code
This stage is what the attacker came for. Objectives vary by motivation: espionage operations focus on data exfiltration, carefully staging files and moving them out slowly to avoid triggering data loss prevention tools. Ransomware operators disable backups, escalate to domain administrator, and often exfiltrate data before encrypting it, which enables double extortion (payment demanded both for decryption and for not leaking the stolen data). Destructive attacks deploy wiper malware to permanently destroy systems. In all cases, lateral movement is critical: attackers pivot across the network using techniques such as Pass-the-Hash and Kerberoasting to reach high-value targets. Strong detection, network segmentation, and incident response can still stop an attacker at this late stage, because the lateral movement that precedes most objectives leaves authentication artifacts that defenders can watch for.
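As an added example (not part of the original page), the following Python snippet shows the kind of detection logic a defender can run over Windows Security events to spot the two lateral-movement techniques named above. It is driven by constructed sample events: the simplified field names (`event_id`, `account`, `service`, `etype`, `logon_type`, `logon_process`, `auth_package`) are assumptions standing in for the native log schema, and the thresholds are tuning choices, not fixed rules. Kerberoasting is flagged when one account requests RC4 (etype 0x17) service tickets for many distinct non-machine SPNs within a short window (Event ID 4769); Pass-the-Hash is flagged by a 4624 logon of type 9 (NewCredentials) through the `seclogo` logon process, a documented artifact of injecting stolen hashes into a fresh logon session.

```python
"""Detection logic for Kerberoasting and Pass-the-Hash indicators, run over
constructed sample events. Field names are simplified assumptions, not the
native Windows event XML schema."""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # Kerberos etype 23; Kerberoasting typically asks for RC4 tickets

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    # Normal: a single AES service ticket request
    {"event_id": 4769, "time": "2024-05-01T09:55:00", "account": "asmith", "service": "cifs/fs01", "etype": "0x12"},
    # Kerberoasting pattern: one account pulls RC4 tickets for many distinct SPNs within seconds
    {"event_id": 4769, "time": "2024-05-01T10:00:01", "account": "jdoe", "service": "MSSQLSvc/db01", "etype": RC4_HMAC},
    {"event_id": 4769, "time": "2024-05-01T10:00:02", "account": "jdoe", "service": "http/web01", "etype": RC4_HMAC},
    {"event_id": 4769, "time": "2024-05-01T10:00:02", "account": "jdoe", "service": "MSSQLSvc/db02", "etype": RC4_HMAC},
    {"event_id": 4769, "time": "2024-05-01T10:00:03", "account": "jdoe", "service": "ldap/dc01", "etype": RC4_HMAC},
    {"event_id": 4769, "time": "2024-05-01T10:00:04", "account": "jdoe", "service": "svc_backup", "etype": RC4_HMAC},
    # Machine-account ticket: excluded by the trailing-'$' filter below
    {"event_id": 4769, "time": "2024-05-01T10:00:05", "account": "jdoe", "service": "WS01$", "etype": RC4_HMAC},
    # Normal interactive logon
    {"event_id": 4624, "time": "2024-05-01T10:01:00", "account": "asmith", "logon_type": 2, "logon_process": "User32", "auth_package": "Negotiate"},
    # Pass-the-Hash indicator: LogonType 9 via the 'seclogo' logon process
    {"event_id": 4624, "time": "2024-05-01T10:02:00", "account": "jdoe", "logon_type": 9, "logon_process": "seclogo", "auth_package": "Negotiate"},
    # Legitimate 'runas /netonly' also yields LogonType 9, but through 'Advapi': not flagged
    {"event_id": 4624, "time": "2024-05-01T10:03:00", "account": "admin1", "logon_type": 9, "logon_process": "Advapi", "auth_package": "Negotiate"},
]


def _ts(s):
    return datetime.fromisoformat(s)


def detect_kerberoasting(events, window=timedelta(minutes=5), min_services=5):
    """Flag accounts requesting RC4 service tickets for >= min_services distinct
    non-machine SPNs inside a sliding time window.
    Returns {account: max distinct services seen in any one window}."""
    by_account = defaultdict(list)
    for e in events:
        if e["event_id"] != 4769 or e.get("etype") != RC4_HMAC:
            continue
        svc = e["service"]
        # Computer accounts (SPN ends in '$') and krbtgt renewals are routine noise
        if svc.endswith("$") or svc.lower().startswith("krbtgt"):
            continue
        by_account[e["account"]].append((_ts(e["time"]), svc))

    hits = {}
    for account, reqs in by_account.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            # Slide the window start forward until it fits inside `window`
            while reqs[end][0] - reqs[start][0] > window:
                start += 1
            distinct = {svc for _, svc in reqs[start:end + 1]}
            if len(distinct) >= min_services:
                hits[account] = max(hits.get(account, 0), len(distinct))
    return hits


def detect_pass_the_hash(events):
    """Flag 4624 logons with LogonType 9 (NewCredentials) from the 'seclogo'
    logon process with the Negotiate package. Returns [(time, account), ...]."""
    return [
        (e["time"], e["account"])
        for e in events
        if e["event_id"] == 4624
        and e.get("logon_type") == 9
        and e.get("logon_process", "").lower() == "seclogo"
        and e.get("auth_package", "").lower() == "negotiate"
    ]


if __name__ == "__main__":
    print("Kerberoasting candidates:", detect_kerberoasting(SAMPLE_EVENTS))
    print("Pass-the-Hash candidates:", detect_pass_the_hash(SAMPLE_EVENTS))
```

The window-and-threshold approach matters more than the exact numbers: a single RC4 ticket request is common in environments that still have legacy services, so the rule fires on volume and diversity of SPNs per account, and it deliberately ignores machine accounts to keep the false-positive rate workable. The `seclogo` check is narrow on purpose; broader Pass-the-Hash hunting (for example NTLM network logons from workstations to many hosts) needs a baseline of normal behaviour before it can be alerted on.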