The group is targeting the biggest weak spot in most security postures: finding anomalous behavior by authorized entities.