The joint advisory describes the five typical steps involved in planning and executing such an attack. The agencies believe that understanding threat actors’ TTPs can be useful for implementing protections and countering adversaries.