The one where they installed a remote access script on a workstation, waited for 6 months before spending all of 5 minutes bypassing a few layers of security products, gaining domain admin, and then exfiltrating 3 docs relating to a Russian dude’s trial from like 6 years prior.