I wrote recently about how Office 365 accounts are most commonly breached - through leaked credentials. This covered the different ways that credentials can be breached through various factors, including many human misconceptions and failures can be mixed with other internal and external forces. This article is going to cover the anatomy of what happens after the hacker has gained access. There are many things a hacker may be seeking including information extraction or means of corporate espionage.