Using MITRE ATT&CK to Identify an APT Attack

Security teams and researchers depend on publicly documented analyses of tools, routines, and behaviors to keep up with the latest findings in the cybersecurity landscape. Published information serves as a reference for known tactics, techniques, and procedures (TTPs), helping defenders build protections against advanced persistent threats (APTs) and prevent the attacks most likely to occur in their respective industries.

However, theoretical knowledge of how to defend against an attack differs immensely from experiencing one firsthand. The published routines, tools, and behaviors can differ from how criminal groups actually carry out an intrusion against a given company or industry. Moreover, that difference largely depends on the environment of the company under compromise.

Source: Trend Micro