Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.