At the Apple headquarters of Cork, Ireland, low hanging fruit employees are being offered to sell their logins online, for up to $23,000 US. Easy Pickings!
An employee login is very valuable, allowing for legitimate authentication to internal systems can lead to a detailed analysis of the network, exploring file-shares that haven’t been cleaned up in decades (like everywhere else), exfiltration of intellectual property, and perhaps access to other accounts. Many hackers, once in, will try to escalate privileges and set up remotely accessible back doors.
I advise companies to ramp up their social engineering programs to include bribing at after hours events to get a feel for lower paid workers, the beef up the security awareness and ethics training. Also, pay attention to privileged access management.