In recent breach incidents, threat actors have been observed not only accessing systems, but also directly querying internal databases and stealing sensitive information. Particularly, more threat actors are installing DB client tools directly on targeted systems to exfiltrate data, and legitimate tools such as DBeaver, Navicat, and sqlcmd are being used in this process. […]
