At some point in a campaign, threat actors will look to harvest and steal account names. Leveraging legitimate accounts to access a target makes the anomalous behavior harder to detect and provides an opportunity to create more accounts. Threat actors can acquire credentials through techniques such as Brute Force attacks, unsecured credential stores or configuration dumps through exposed APIs or through web path traversal, network sniffing and man-in-the-middle attacks.