The attackers found a staging server and attempted to exploit vulnerabilities using a tool called Mimikatz, which digs passwords out of memory, to escalate privileges and access other servers.