Nation-state attackers have the resources to store as much data as they want. To escape attention and remain invisible to security software, they try to avoid infecting random users and instead rely on a generic remote system management tool that can copy any information they might need, in any volume.
This could work against state-sponsored actors because moving a large volume of data could slow down the network connection and arouse suspicion. This is one of the reasons some of these attacks have been stopped in the past.