Credential Stuffing is really under-rated attack vector which many organizations tend to ignore. While based on investigating large number of threat actors, it remains favorite attack vector of many financially motivated and state sponsored attackers.

The attack vector is really successful while gaining access to Active Directory for initial access when you have exploit to upload backdoor through MS Sharepoint.